--- /dev/null
+--- dhcp-4.0.0//client/clparse.c.nmcrash 2008-04-01 10:25:39.000000000 -1000
++++ dhcp-4.0.0//client/clparse.c 2008-04-01 10:26:20.000000000 -1000
+@@ -227,6 +227,9 @@ int read_client_conf_file (const char *n
+ cfile = (struct parse *)0;
+ new_parse (&cfile, file, (char *)0, 0, path_dhclient_conf, 0);
+
++ if (!cfile)
++ return ISC_R_BADPARSE;
++
+ do {
+ token = peek_token (&val, (unsigned *)0, cfile);
+ if (token == END_OF_FILE)
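Review bot: the early return at `if (!cfile)` leaves `file`, which was handed to new_parse on the line above, open, and any status new_parse itself returns is ignored. If `file` is a descriptor opened earlier in read_client_conf_file (not visible in this hunk), close it before returning ISC_R_BADPARSE. A short comment saying when cfile can still be NULL after new_parse would also help the next reader.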
--- /dev/null
+LDAP Support in DHCP
+Brian Masney <masneyb@ntelos.net>
+Last updated 3/23/2003
+
+This document describes setting up the DHCP server to read it's configuration
+from LDAP. This work is based on the IETF document
+draft-ietf-dhc-ldap-schema-01.txt included in the doc directory. For the
+latest version of this document, please see http://home.ntelos.net/~masneyb.
+
+First question on most people's mind is "Why do I want to store my
+configuration in LDAP?" If you run a small DHCP server, and the configuration
+on it rarely changes, then you won't need to store your configuration in LDAP.
+But, if you have several DHCP servers, and you want an easy way to manage your
+configuration, this can be a solution.
+
+The first step will be to setup your LDAP server. I am using OpenLDAP from
+www.openldap.org. Building and installing OpenLDAP is beyond the scope of
+this document. There is plenty of documentation out there about this. Once
+you have OpenLDAP installed, you will have to edit your slapd.conf file. I
+added the following 2 lines to my configuration file:
+
+include /etc/ldap/schema/dhcp.schema
+index dhcpHWAddress eq
+index dhcpClassData eq
+
+The first line tells it to include the dhcp schema file. You will find this
+file under the contrib directory in this distribution. You will need to copy
+this file to where your other schema files are (maybe
+/usr/local/openldap/etc/openldap/schema/). The second line sets up an index
+for the dhcpHWAddress parameter. The third parameter is for reading subclasses
+from LDAP every time a DHCP request comes in. Make sure you run the slapindex
+command and restart slapd to have these changes to into effect.
+
+Now that you have LDAP setup, you should be able to use gq
+(http://biot.com/gq/) to verify that the dhcp schema file is loaded into LDAP.
+Pull up gq, and click on the Schema tab. Go under objectClasses, and you
+should see at least the following object classes listed: dhcpClass, dhcpGroup,
+dhcpHost, dhcpOptions, dhcpPool, dhcpServer, dhcpService, dhcpSharedNetwork,
+dhcpSubClass, and dhcpSubnet. If you do not see these, you need to check over
+your LDAP configuration before you go any further.
+
+You should now be ready to build DHCP. If you would like to enable LDAP over
+SSL, you will need to perform the following steps:
+
+ * Edit the includes/site.h file and uncomment the USE_SSL line
+ or specify "-DUSE_SSL" via CFLAGS.
+ * Edit the dst/Makefile.dist file and remove md5_dgst.c and md5_dgst.o
+ from the SRC= and OBJ= lines (around line 24)
+ * Now run configure in the base source directory. If you chose to enable
+ LDAP over SSL, you must append -lcrypto -lssl to the LIBS= line in the
+ file work.os/server/Makefile (replace os with your operating system,
+ linux-2.2 on my machine). You should now be able to type make to build
+ your DHCP server.
+
+If you choose to not enable LDAP over SSL, then you only need to run configure
+and make in the toplevel source directory.
+
+Once you have DHCP installed, you will need to setup your initial plaintext
+config file. In my /etc/dhcpd.conf file, I have:
+
+ldap-server "localhost";
+ldap-port 389;
+ldap-username "cn=DHCP User, dc=ntelos, dc=net";
+ldap-password "blah";
+ldap-base-dn "dc=ntelos, dc=net";
+ldap-method dynamic;
+ldap-debug-file "/var/log/dhcp-ldap-startup.log";
+
+If SSL has been enabled at compile time using the USE_SSL flag, the dhcp
+server trys to use TLS if possible, but continues without TLS if not.
+
+You can modify this behaviour using following option in /etc/dhcpd.conf:
+
+ldap-ssl <off | ldaps | start_tls | on>
+ off: disables TLS/LDAPS.
+ ldaps: enables LDAPS -- don't forget to set ldap-port to 636.
+ start_tls: enables TLS using START_TLS command
+ on: enables LDAPS if ldap-port is set to 636 or TLS in
+ other cases.
+
+See also "man 5 ldap.conf" for description the following TLS related
+options:
+ ldap-tls-reqcert, ldap-tls-ca-file, ldap-tls-ca-dir, ldap-tls-cert
+ ldap-tls-key, ldap-tls-crlcheck, ldap-tls-ciphers, ldap-tls-randfile
+
+All of these parameters should be self explanatory except for the ldap-method.
+You can set this to static or dynamic. If you set it to static, the
+configuration is read once on startup, and LDAP isn't used anymore. But, if
+you set this to dynamic, the configuration is read once on startup, and the
+hosts that are stored in LDAP are looked up every time a DHCP request comes
+in.
+
+When the optional statement ldap-debug-file is specified, on startup the DHCP
+server will write out the configuration that it generated from LDAP. If you
+are getting errors about your LDAP configuration, this is a good place to
+start looking.
+
+The next step is to set up your LDAP tree. Here is an example config that will
+give a 10.100.0.x address to machines that have a host entry in LDAP.
+Otherwise, it will give a 10.200.0.x address to them. (NOTE: replace
+dc=ntelos, dc=net with your base dn). If you would like to convert your
+existing dhcpd.conf file to LDIF format, there is a script
+contrib/dhcpd-conf-to-ldap.pl that will convert it for you. Type
+dhcpd-conf-to-ldap.pl --help to see the usage information for this script.
+
+# You must specify the server's host name in LDAP that you are going to run
+# DHCP on and point it to which config tree you want to use. Whenever DHCP
+# first starts up, it will do a search for this entry to find out which
+# config to use
+dn: cn=brian.ntelos.net, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpServer
+cn: brian.ntelos.net
+dhcpServiceDN: cn=DHCP Service Config, dc=ntelos, dc=net
+
+# Here is the config tree that brian.ntelos.net points to.
+dn: cn=DHCP Service Config, dc=ntelos, dc=net
+cn: DHCP Service Config
+objectClass: top
+objectClass: dhcpService
+dhcpPrimaryDN: dc=ntelos, dc=net
+dhcpStatements: ddns-update-style none
+dhcpStatements: default-lease-time 600
+dhcpStatements: max-lease-time 7200
+
+# Set up a shared network segment
+dn: cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: WV
+objectClass: top
+objectClass: dhcpSharedNetwork
+
+# Set up a subnet declaration with a pool statement. Also note that we have
+# a dhcpOptions object with this entry
+dn: cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.100.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.100.0.2
+dhcpOption: routers 10.100.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.100.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only known hosts will get these IPs
+dn: cn=Known Pool, cn=10.100.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.100.0.3 10.100.0.254
+dhcpPermitList: deny unknown-clients
+
+# Set up another subnet declaration with a pool statement
+dn: cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: 10.200.0.0
+objectClass: top
+objectClass: dhcpSubnet
+objectClass: dhcpOptions
+dhcpOption: domain-name-servers 10.200.0.2
+dhcpOption: routers 10.200.0.1
+dhcpOption: subnet-mask 255.255.255.0
+dhcpOption: broadcast-address 10.200.0.255
+dhcpNetMask: 24
+
+# Set up a pool for this subnet. Only unknown hosts will get these IPs
+dn: cn=Known Pool, cn=10.200.0.0, cn=WV Test, cn=DHCP Service Config, dc=ntelos, dc=net
+cn: Known Pool
+objectClass: top
+objectClass: dhcpPool
+dhcpRange: 10.200.0.3 10.200.0.254
+dhcpPermitList: deny known clients
+
+# Set aside a group for all of our known MAC addresses
+dn: cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpGroup
+cn: Customers
+
+# Host entry for my laptop
+dn: cn=brianlaptop, cn=Customers, cn=DHCP Service Config, dc=ntelos, dc=net
+objectClass: top
+objectClass: dhcpHost
+cn: brianlaptop
+dhcpHWAddress: ethernet 00:00:00:00:00:00
+
+You can use the command slapadd to load all of these entries into your LDAP
+server. After you load this, you should be able to start up DHCP. If you run
+into problems reading the configuration, try running dhcpd with the -d flag.
+If you still have problems, edit the site.conf file in the DHCP source and
+add the line: COPTS= -DDEBUG_LDAP and recompile DHCP. (make sure you run make
+clean and rerun configure before you rebuild).
+
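Review bot: the TLS paragraph ("trys to use TLS if possible, but continues without TLS if not") describes a silent fallback to cleartext, and the sample dhcpd.conf above it binds with `ldap-password` on `ldap-port 389`, so a reader who copies the sample sends the bind password unencrypted whenever TLS is not negotiated. The README should say which `ldap-ssl` value makes a failed TLS negotiation fatal, show the sample with that value and `ldap-tls-reqcert` set, and point out that dhcpd.conf now holds a credential and needs restrictive file permissions. Smaller points: "the following 2 lines" is followed by three lines; `dhcpPermitList: deny known clients` lacks the hyphen used in `deny unknown-clients`; the 10.200.0.0 pool for unknown hosts is also named "Known Pool"; and "it's configuration", "to into effect" and "trys" are typos.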
--- /dev/null
+diff -up dhcp-4.0.0/client/clparse.c.dho dhcp-4.0.0/client/clparse.c
+--- dhcp-4.0.0/client/clparse.c.dho 2007-12-29 06:32:16.000000000 -1000
++++ dhcp-4.0.0/client/clparse.c 2007-12-29 06:35:41.000000000 -1000
+@@ -37,7 +37,7 @@
+
+ struct client_config top_level_config;
+
+-#define NUM_DEFAULT_REQUESTED_OPTS 9
++#define NUM_DEFAULT_REQUESTED_OPTS 12
+ struct option *default_requested_options[NUM_DEFAULT_REQUESTED_OPTS + 1];
+
+ static void parse_client_default_duid(struct parse *cfile);
+@@ -107,6 +107,21 @@ isc_result_t read_client_conf ()
+ option_code_hash_lookup(&default_requested_options[8],
+ dhcpv6_universe.code_hash, &code, 0, MDL);
+
++ /* 10 */
++ code = DHO_NIS_DOMAIN;
++ option_code_hash_lookup(&default_requested_options[9],
++ dhcp_universe.code_hash, &code, 0, MDL);
++
++ /* 11 */
++ code = DHO_NIS_SERVERS;
++ option_code_hash_lookup(&default_requested_options[10],
++ dhcp_universe.code_hash, &code, 0, MDL);
++
++ /* 12 */
++ code = DHO_NTP_SERVERS;
++ option_code_hash_lookup(&default_requested_options[11],
++ dhcp_universe.code_hash, &code, 0, MDL);
++
+ for (code = 0 ; code < NUM_DEFAULT_REQUESTED_OPTS ; code++) {
+ if (default_requested_options[code] == NULL)
+ log_fatal("Unable to find option definition for "
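Review bot: adding DHO_NIS_DOMAIN, DHO_NIS_SERVERS and DHO_NTP_SERVERS to the default request list means whichever DHCP server answers on the link now gets to supply NIS and NTP settings for the host, and the hunk carries no comment on why these belong in the default set. Add that rationale, and make sure whatever applies these options treats the values as untrusted input. The slots `[9]` to `[11]` are also kept in step with `NUM_DEFAULT_REQUESTED_OPTS 12` by hand; the loop below only catches a slot left NULL.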
--- /dev/null
+diff -up dhcp-4.0.0/common/lpf.c.anycast dhcp-4.0.0/common/lpf.c
+--- dhcp-4.0.0/common/lpf.c.anycast 2007-12-29 06:44:46.000000000 -1000
++++ dhcp-4.0.0/common/lpf.c 2007-12-29 10:40:11.000000000 -1000
+@@ -331,6 +331,9 @@ ssize_t send_packet (interface, packet,
+ return send_fallback (interface, packet, raw,
+ len, from, to, hto);
+
++ if (hto == NULL && interface->anycast_mac_addr.hlen)
++ hto = &interface->anycast_mac_addr;
++
+ /* Assemble the headers... */
+ assemble_hw_header (interface, (unsigned char *)hh, &hbufp, hto);
+ fudge = hbufp % 4; /* IP header must be word-aligned. */
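Review bot: the new `hto == NULL && interface->anycast_mac_addr.hlen` test in send_packet depends on `anycast_mac_addr.hlen` being zero when the option is unset, and nothing in this patch initialises the new field. Add a comment that interface_info is zero-filled on allocation, or set hlen to 0 explicitly, and say what destination the frame would otherwise get when hto is NULL. Only common/lpf.c receives this override in the patch, so the keyword has no effect on builds that send through another packet backend; that limitation should be documented.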
+diff -up dhcp-4.0.0/common/conflex.c.anycast dhcp-4.0.0/common/conflex.c
+--- dhcp-4.0.0/common/conflex.c.anycast 2007-12-29 06:44:46.000000000 -1000
++++ dhcp-4.0.0/common/conflex.c 2007-12-29 10:39:30.000000000 -1000
+@@ -715,6 +715,8 @@ intern(char *atom, enum dhcp_token dfv)
+ }
+ if (!strcasecmp (atom + 1, "nd"))
+ return AND;
++ if (!strcasecmp (atom + 1, "nycast-mac"))
++ return ANYCAST_MAC;
+ if (!strcasecmp (atom + 1, "ppend"))
+ return APPEND;
+ if (!strcasecmp (atom + 1, "llow"))
+diff -up dhcp-4.0.0/includes/dhcpd.h.anycast dhcp-4.0.0/includes/dhcpd.h
+--- dhcp-4.0.0/includes/dhcpd.h.anycast 2007-12-29 06:44:46.000000000 -1000
++++ dhcp-4.0.0/includes/dhcpd.h 2007-12-29 10:42:56.000000000 -1000
+@@ -1188,6 +1188,7 @@ struct interface_info {
+ int dlpi_sap_length;
+ struct hardware dlpi_broadcast_addr;
+ # endif /* DLPI_SEND || DLPI_RECEIVE */
++ struct hardware anycast_mac_addr;
+ };
+
+ struct hardware_link {
+diff -up dhcp-4.0.0/includes/dhctoken.h.anycast dhcp-4.0.0/includes/dhctoken.h
+--- dhcp-4.0.0/includes/dhctoken.h.anycast 2007-12-29 06:44:46.000000000 -1000
++++ dhcp-4.0.0/includes/dhctoken.h 2007-12-29 10:44:00.000000000 -1000
+@@ -346,7 +346,8 @@ enum dhcp_token {
+ WHITESPACE = 649,
+ TOKEN_ALSO = 650,
+ AFTER = 651,
+- BOOTP_BROADCAST_ALWAYS = 652
++ BOOTP_BROADCAST_ALWAYS = 652,
++ ANYCAST_MAC = 653
+ };
+
+ #define is_identifier(x) ((x) >= FIRST_TOKEN && \
+diff -up dhcp-4.0.0/client/clparse.c.anycast dhcp-4.0.0/client/clparse.c
+--- dhcp-4.0.0/client/clparse.c.anycast 2007-12-29 06:44:46.000000000 -1000
++++ dhcp-4.0.0/client/clparse.c 2007-12-29 10:38:55.000000000 -1000
+@@ -550,6 +550,17 @@ void parse_client_statement (cfile, ip,
+ }
+ return;
+
++ case ANYCAST_MAC:
++ token = next_token (&val, (unsigned *)0, cfile);
++ if (ip) {
++ parse_hardware_param (cfile, &ip -> anycast_mac_addr);
++ } else {
++ parse_warn (cfile, "anycast mac address parameter %s",
++ "not allowed here.");
++ skip_to_semi (cfile);
++ }
++ return;
++
+ case REQUEST:
+ token = next_token (&val, (unsigned *)0, cfile);
+ if (config -> requested_options == default_requested_options)
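Review bot: `case ANYCAST_MAC:` introduces a new dhclient.conf keyword, `anycast-mac`, with no documentation; the patch touches only lpf.c, conflex.c, dhcpd.h, dhctoken.h and clparse.c. Add an entry to dhclient.conf.5 describing the syntax parse_hardware_param accepts and that the statement is rejected when no interface is in scope, which is what the `if (ip)` branch enforces. The parse_warn text would also read better as one string than split across a `%s` argument.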
--- /dev/null
+--- dhcp-3.0.5/client/dhclient.c.decline 2007-03-30 15:29:58.000000000 -0400
++++ dhcp-3.0.5/client/dhclient.c 2007-03-30 15:50:25.000000000 -0400
+@@ -934,6 +934,7 @@
+ void *cpp;
+ {
+ struct client_state *client = cpp;
++ enum dhcp_state init_state = client->state;
+
+ ASSERT_STATE(state, S_INIT);
+
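Review bot: `ASSERT_STATE(state, S_INIT)` sits directly under the new `init_state` line, yet a later hunk sets `client -> state = S_DECLINED` immediately before calling state_init, so the function is now entered in a state its own assertion rules out. Either carry the "declined" condition some other way (a flag on the client, or a separate entry point) or update the assertion and add a comment that S_DECLINED is a transient marker consumed here.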
+@@ -946,9 +947,16 @@
+ client -> first_sending = cur_time;
+ client -> interval = client -> config -> initial_interval;
+
+- /* Add an immediate timeout to cause the first DHCPDISCOVER packet
+- to go out. */
+- send_discover (client);
++ if (init_state != S_DECLINED) {
++ /* Add an immediate timeout to cause the first DHCPDISCOVER packet
++ to go out. */
++ send_discover(client);
++ } else {
++ /* We've received an OFFER and it has been DECLINEd by dhclient-script.
++ * wait for a random time between 1 and backoff_cutoff seconds before
++ * trying again. */
++ add_timeout(cur_time + ((1 + (random() >> 2)) % client->config->backoff_cutoff), send_discover, client, 0, 0);
++ }
+ }
+
+ /* state_selecting is called when one or more DHCPOFFER packets have been
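Review bot: in the `else` branch, `((1 + (random() >> 2)) % client->config->backoff_cutoff)` does not give the "between 1 and backoff_cutoff seconds" that the comment promises. The result ranges from 0 to backoff_cutoff - 1, so the retry can fire immediately, and a backoff_cutoff of 0 is a division by zero. `1 + (random() >> 2) % client->config->backoff_cutoff`, with a guard for a zero cutoff, matches the comment. The new calls also drop the space before the parenthesis that the surrounding code uses (`send_discover (client)`).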
+@@ -1215,6 +1223,7 @@
+ send_decline (client);
+ destroy_client_lease (client -> new);
+ client -> new = (struct client_lease *)0;
++ client -> state = S_DECLINED;
+ state_init (client);
+ return;
+ }
+@@ -3183,6 +3192,7 @@
+ case S_INIT:
+ case S_REBINDING:
+ case S_STOPPED:
++ case S_DECLINED:
+ break;
+ }
+ client -> state = S_INIT;
+--- dhcp-3.0.5/includes/dhcpd.h.decline 2007-03-30 15:30:14.000000000 -0400
++++ dhcp-3.0.5/includes/dhcpd.h 2007-03-30 15:50:53.000000000 -0400
+@@ -704,7 +704,8 @@
+ S_BOUND = 5,
+ S_RENEWING = 6,
+ S_REBINDING = 7,
+- S_STOPPED = 8
++ S_STOPPED = 8,
++ S_DECLINED = 9
+ };
+
+ /* Authentication and BOOTP policy possibilities (not all values work
--- /dev/null
+diff -up dhcp-4.0.0/client/dhclient.c.usage dhcp-4.0.0/client/dhclient.c
+--- dhcp-4.0.0/client/dhclient.c.usage 2008-02-13 16:20:30.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.c 2008-02-13 16:21:05.000000000 -1000
+@@ -882,21 +882,30 @@ main(int argc, char **argv) {
+
+ static void usage ()
+ {
+- log_info ("%s %s", message, PACKAGE_VERSION);
+- log_info (copyright);
+- log_info (arr);
+- log_info (url);
++ printf ("%s %s\n", message, PACKAGE_VERSION);
++ printf (copyright);
++ printf ("\n");
++ printf (arr);
++ printf ("\n");
++ printf (url);
++ printf ("\n");
+
+- log_error ("Usage: dhclient %s %s",
++ printf ("Usage: dhclient %s %s",
+ #ifdef DHCPv6
+ "[-4|-6] [-1dvrx] [-nw] [-p <port>]",
+ #else /* DHCPv6 */
+ "[-1dvrx] [-nw] [-p <port>]",
+ #endif /* DHCPv6 */
+- "[-s server]");
+- log_error (" [-cf config-file] [-lf lease-file]%s",
+- "[-pf pid-file] [-e VAR=val]");
+- log_fatal (" [-sf script-file] [interface]");
++ "[-s server]\n");
++ printf (" [-cf config-file] [-lf lease-file]%s",
++ "[-pf pid-file] [-e VAR=val]\n");
++ printf (" [ -I <dhcp-client-identifier> ] [-B]\n");
++ printf (" [ -H <host-name> | -F <fqdn.fqdn> ] [ -T <timeout> ]\n");
++ printf (" [ -V <vendor-class-identifier> ]\n");
++ printf (" [ -R <request option list> ]\n");
++ printf (" [-sf script-file] [interface]\n");
++
++ exit (EXIT_FAILURE);
+ }
+
+ isc_result_t find_class (struct class **c,
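Review bot: `printf (copyright);`, `printf (arr);` and `printf (url);` pass variables as the format string; use `printf ("%s\n", copyright);` and so on, which also removes the three separate `printf ("\n");` calls. Since usage() ends in `exit (EXIT_FAILURE)`, the text belongs on stderr rather than stdout. The `%s` in the `[-lf lease-file]%s` line needs a space before it so that `[-pf pid-file]` does not run into the previous bracket.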
--- /dev/null
+--- dhcp-3.0.5/omapip/errwarn.c.message 2007-03-29 15:03:12.000000000 -0400
++++ dhcp-3.0.5/omapip/errwarn.c 2007-03-29 15:08:50.000000000 -0400
+@@ -80,20 +80,13 @@
+
+ #if !defined (NOMINUM)
+ log_error ("%s", "");
+- log_error ("If you did not get this software from ftp.isc.org, please");
+- log_error ("get the latest from ftp.isc.org and install that before");
+- log_error ("requesting help.");
++ log_error ("This version of ISC DHCP is based on the release available");
++ log_error ("on ftp.isc.org. Features have been added and other changes");
++ log_error ("have been made to the base software release in order to make");
++ log_error ("it work better with this distribution.");
+ log_error ("%s", "");
+- log_error ("If you did get this software from ftp.isc.org and have not");
+- log_error ("yet read the README, please read it before requesting help.");
+- log_error ("If you intend to request help from the dhcp-server@isc.org");
+- log_error ("mailing list, please read the section on the README about");
+- log_error ("submitting bug reports and requests for help.");
+- log_error ("%s", "");
+- log_error ("Please do not under any circumstances send requests for");
+- log_error ("help directly to the authors of this software - please");
+- log_error ("send them to the appropriate mailing list as described in");
+- log_error ("the README file.");
++ log_error ("Please report for this software via the Red Hat Bugzilla site:");
++ log_error (" http://bugzilla.redhat.com");
+ log_error ("%s", "");
+ log_error ("exiting.");
+ #endif
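Review bot: the new string "Please report for this software via the Red Hat Bugzilla site:" is missing its object; it should read "Please report bugs for this software via ...". The replacement text also drops every pointer to the README, so a user hitting this fatal path no longer learns where to look before filing a report; consider keeping one line for that.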
--- /dev/null
+--- dhcp-3.0.5/server/confpars.c.failover 2007-03-30 16:28:08.000000000 -0400
++++ dhcp-3.0.5/server/confpars.c 2007-03-30 16:32:39.000000000 -0400
+@@ -998,10 +998,17 @@
+ parse_warn (cfile, "peer address may not be omitted");
+
+ /* XXX - when/if we get a port number assigned, just set as default */
++ /* See Red Hat Bugzilla 167292:
++ * we do now: dhcp-failover 647/tcp
++ * dhcp-failover 647/udp
++ * dhcp-failover 847/tcp
++ * dhcp-failover 847/udp
++ * IANA registration by Bernard Volz <volz@cisco.com>
++ */
+ if (!peer -> me.port)
+- parse_warn (cfile, "local port may not be omitted");
++ peer -> me.port = 647;
+ if (!peer -> partner.port)
+- parse_warn (cfile, "peer port may not be omitted");
++ peer -> partner.port = 847;
+
+ if (peer -> i_am == primary) {
+ if (!peer -> hba) {
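Review bot: defaulting `peer -> me.port` to 647 and `peer -> partner.port` to 847 applies the same pair on both servers, so two peers that both omit their ports each listen on 647 and each try to reach the other on 847, where nothing is listening. Either default both to the same port or choose the pair according to `peer -> i_am`, which is tested just below. The comment's "we do now:" is hard to follow; say plainly that 647 and 847 are the registered dhcp-failover ports, and consider logging that a default was applied now that the parse_warn calls are gone.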
--- /dev/null
+diff -up dhcp-4.0.0/client/dhclient.c.fast dhcp-4.0.0/client/dhclient.c
+--- dhcp-4.0.0/client/dhclient.c.fast 2007-12-29 06:07:14.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.c 2007-12-29 06:08:07.000000000 -1000
+@@ -3624,10 +3624,7 @@ isc_result_t dhclient_interface_startup_
+ ip -> flags |= INTERFACE_RUNNING;
+ for (client = ip -> client; client; client = client -> next) {
+ client -> state = S_INIT;
+- /* Set up a timeout to start the initialization
+- process. */
+- add_timeout (cur_time + random () % 5,
+- state_reboot, client, 0, 0);
++ add_timeout (cur_time, state_reboot, client, 0, 0);
+ }
+ }
+ return ISC_R_SUCCESS;
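Review bot: replacing `cur_time + random () % 5` with plain `cur_time` removes the startup jitter before state_reboot, so every client that brings its interface up at the same moment, for example after a power cut, contacts the server in the same second. RFC 2131 section 4.4.1 recommends a random delay at startup to desynchronize clients for that reason. If faster boot is the goal, keep a smaller random delay or make it configurable, and replace the deleted comment with one explaining the choice.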
--- /dev/null
+diff -up dhcp-4.0.0/server/dhcpd.conf.5.manpages dhcp-4.0.0/server/dhcpd.conf.5
+--- dhcp-4.0.0/server/dhcpd.conf.5.manpages 2007-11-20 08:34:37.000000000 -1000
++++ dhcp-4.0.0/server/dhcpd.conf.5 2008-01-02 11:26:38.000000000 -1000
+@@ -513,6 +513,9 @@ pool {
+ };
+ .fi
+ .PP
++Dynamic BOOTP leases are not compatible with failover, and, as such,
++you need to disallow BOOTP in pools that you are using failover for.
++.PP
+ The server currently does very little sanity checking, so if you
+ configure it wrong, it will just fail in odd ways. I would recommend
+ therefore that you either do failover or don't do failover, but don't
+@@ -527,9 +530,9 @@ primary server might look like this:
+ failover peer "foo" {
+ primary;
+ address anthrax.rc.vix.com;
+- port 519;
++ port 647;
+ peer address trantor.rc.vix.com;
+- peer port 520;
++ peer port 847;
+ max-response-delay 60;
+ max-unacked-updates 10;
+ mclt 3600;
+@@ -588,9 +591,7 @@ statement
+ .B port \fIport-number\fR\fB;\fR
+ .PP
+ The \fBport\fR statement declares the TCP port on which the server
+-should listen for connections from its failover peer. This statement
+-may not currently be omitted, because the failover protocol does not
+-yet have a reserved TCP port number.
++should listen for connections from its failover peer.
+ .RE
+ .PP
+ The
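Review bot: the rewritten \fBport\fR paragraph drops the "may not currently be omitted" sentence but does not say what happens when the statement is omitted. If a default now applies, state it here and in the \fBpeer port\fR paragraph in the next hunk; the example earlier in this patch uses 647 and 847, and readers will assume those are the defaults unless told otherwise.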
+@@ -602,10 +603,8 @@ statement
+ .PP
+ The \fBpeer port\fR statement declares the TCP port to which the
+ server should connect to reach its failover peer for failover
+-messages. This statement may not be omitted because the failover
+-protocol does not yet have a reserved TCP port number. The port
+-number declared in the \fBpeer port\fR statement may be the same as
+-the port number declared in the \fBport\fR statement.
++messages. The port number declared in the \fBpeer port\fR statement
++may be the same as the port number declared in the \fBport\fR statement.
+ .RE
+ .PP
+ The
+@@ -1272,7 +1271,7 @@ the zone containing PTR records - for IS
+ .PP
+ .nf
+ key DHCP_UPDATER {
+- algorithm HMAC-MD5.SIG-ALG.REG.INT;
++ algorithm hmac-md5;
+ secret pRP5FapFoJ95JEL06sv4PQ==;
+ };
+
+@@ -1295,7 +1294,7 @@ dhcpd.conf file:
+ .PP
+ .nf
+ key DHCP_UPDATER {
+- algorithm HMAC-MD5.SIG-ALG.REG.INT;
++ algorithm hmac-md5;
+ secret pRP5FapFoJ95JEL06sv4PQ==;
+ };
+
+@@ -2433,7 +2432,8 @@ statement
+ The \fInext-server\fR statement is used to specify the host address of
+ the server from which the initial boot file (specified in the
+ \fIfilename\fR statement) is to be loaded. \fIServer-name\fR should
+-be a numeric IP address or a domain name.
++be a numeric IP address or a domain name. If no \fInext-server\fR statement
++applies to a given client, the address 0.0.0.0 is used.
+ .RE
+ .PP
+ The
+diff -up dhcp-4.0.0/common/dhcp-options.5.manpages dhcp-4.0.0/common/dhcp-options.5
+--- dhcp-4.0.0/common/dhcp-options.5.manpages 2007-09-17 07:52:01.000000000 -1000
++++ dhcp-4.0.0/common/dhcp-options.5 2008-01-02 11:26:38.000000000 -1000
+@@ -896,6 +896,21 @@ classless IP routing - it does not inclu
+ classless IP routing is now the most widely deployed routing standard,
+ this option is virtually useless, and is not implemented by any of the
+ popular DHCP clients, for example the Microsoft DHCP client.
++.PP
++NOTE to @PRODUCTNAME@ dhclient users:
++.br
++dhclient-script interprets trailing 0 octets of the target as indicating
++the subnet class of the route, so for the following static-routes value:
++.br
++ option static-routes 172.0.0.0 172.16.2.254,
++.br
++ 192.168.0.0 192.168.2.254;
++.br
++dhclient-script will create routes:
++.br
++ 172/8 via 172.16.2.254 dev $interface
++.br
++ 192.168/16 via 192.168.2.254 dev $interface
+ .RE
+ .PP
+ .nf
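Review bot: the NOTE calls the result "the subnet class of the route", but the example derives 172/8 from 172.0.0.0, which is a prefix length taken from trailing zero octets, not the address class. Reword it that way so readers do not expect classful behaviour. Also confirm that `@PRODUCTNAME@` is substituted at build time, since it would otherwise appear literally in the rendered page.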
+diff -up dhcp-4.0.0/client/dhclient-script.8.manpages dhcp-4.0.0/client/dhclient-script.8
+--- dhcp-4.0.0/client/dhclient-script.8.manpages 2006-02-24 13:16:27.000000000 -1000
++++ dhcp-4.0.0/client/dhclient-script.8 2008-01-02 11:26:38.000000000 -1000
+@@ -47,7 +47,7 @@ customizations are needed, they should b
+ exit hooks provided (see HOOKS for details). These hooks will allow the
+ user to override the default behaviour of the client in creating a
+ .B /etc/resolv.conf
+-file.
++file, and to handle DHCP options not handled by default.
+ .PP
+ No standard client script exists for some operating systems, even though
+ the actual client may work, so a pioneering user may well need to create
+@@ -91,6 +91,26 @@ present. The
+ .B ETCDIR/dhclient-exit-hooks
+ script can modify the valid of exit_status to change the exit status
+ of dhclient-script.
++.PP
++Immediately after dhclient brings an interface UP with a new IP address,
++subnet mask, and routes, in the REBOOT/BOUND states, it will check for the
++existence of an executable
++.B ETCDIR/dhclient-up-hooks
++script, and source it if found. This script can handle DHCP options in
++the environment that are not handled by default. A per-interface.
++.B ETCDIR/dhclient-${IF}-up-hooks
++script will override the generic script and be sourced when interface
++$IF has been brought up.
++.PP
++Immediately before dhclient brings an interface DOWN, removing its IP
++address, subnet mask, and routes, in the STOP/RELEASE states, it will
++check for the existence of an executable
++.B ETCDIR/dhclient-down-hooks
++script, and source it if found. This script can handle DHCP options in
++the environment that are not handled by default. A per-interface
++.B ETCDIR/dhclient-${IF}-down-hooks
++script will override the generic script and be sourced when interface
++$IF is about to be brought down.
+ .SH OPERATION
+ When dhclient needs to invoke the client configuration script, it
+ defines a set of variables in the environment, and then invokes
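Review bot: both new paragraphs say the up-hooks and down-hooks scripts are sourced and "can handle DHCP options in the environment", but those option values come from whichever DHCP server answered. The text should say that the hooks run inside dhclient-script with its privileges, that the hook files must not be writable by unprivileged users, and that option values need quoting and validation before use. There is also a stray full stop in "A per-interface." in the first paragraph.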
+diff -up dhcp-4.0.0/client/dhclient.conf.5.manpages dhcp-4.0.0/client/dhclient.conf.5
+--- dhcp-4.0.0/client/dhclient.conf.5.manpages 2007-08-23 06:06:08.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.conf.5 2008-01-02 11:26:38.000000000 -1000
+@@ -186,9 +186,9 @@ responding to the client send the client
+ options. Only the option names should be specified in the request
+ statement - not option parameters. By default, the DHCP server
+ requests the subnet-mask, broadcast-address, time-offset, routers,
+-domain-name, domain-name-servers and host-name options. Note that if
+-you enter a 'request' statement, you over-ride this default and these
+-options will not be requested.
++domain-name, domain-name-servers host-name, nis-domain, nis-servers,
++and ntp-servers options. Note that if you enter a 'request' statement,
++you over-ride this default and these options will not be requested.
+ .PP
+ In some cases, it may be desirable to send no parameter request list
+ at all. To do this, simply write the request statement but specify
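Review bot: the new list reads "domain-name-servers host-name, nis-domain", missing the comma after domain-name-servers. The sentence being edited also says "the DHCP server requests" where the client is meant; worth fixing while these lines are touched.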
+@@ -626,6 +626,18 @@ database and will record the media type
+ Whenever the client tries to renew the lease, it will use that same
+ media type. The lease must expire before the client will go back to
+ cycling through media types.
++.PP
++ \fBbootp-broadcast-always;\fR
++.PP
++The
++.B bootp-broadcast-always
++statement instructs dhclient to always set the bootp broadcast flag in
++request packets, so that servers will always broadcast replies.
++This is equivalent to supplying the dhclient -B argument, and has
++the same effect as specifying 'always-broadcast' in the server's dhcpd.conf.
++This option is provided as an extension to enable dhclient to work
++on IBM s390 Linux guests.
++.PP
+ .SH SAMPLE
+ The following configuration file is used on a laptop running NetBSD
+ 1.3. The laptop has an IP alias of 192.5.5.213, and has one
+diff -up dhcp-4.0.0/client/dhclient.8.manpages dhcp-4.0.0/client/dhclient.8
+--- dhcp-4.0.0/client/dhclient.8.manpages 2007-10-04 07:13:25.000000000 -1000
++++ dhcp-4.0.0/client/dhclient.8 2008-01-02 11:26:38.000000000 -1000
+@@ -91,6 +91,33 @@ relay
+ .B -w
+ ]
+ [
++.B -B
++]
++[
++.B -I
++.I dhcp-client-identifier
++]
++[
++.B -H
++.I host-name
++]
++[
++.B -F
++.I fqdn.fqdn
++]
++[
++.B -V
++.I vendor-class-identifier
++]
++[
++.B -R
++.I request-option-list
++]
++[
++.B -T
++.I timeout
++]
++[
+ .B -v
+ ]
+ [
+@@ -118,16 +145,6 @@ important details about the network to w
+ the location of a default router, the location of a name server, and
+ so on.
+ .PP
+-If given the -4 command line argument (default), dhclient will use the
+-DHCPv4 protocol to obtain an IPv4 address and configuration parameters.
+-.PP
+-If given the -6 command line argument, dhclient will use the DHCPv6
+-protocol to obtain whatever IPv6 addresses are available along with
+-configuration parameters. Information-request is not yet supported.
+-.PP
+-If given the --version command line argument, dhclient will print its
+-version number and exit.
+-.PP
+ On startup, dhclient reads the
+ .IR dhclient.conf
+ for configuration instructions. It then gets a list of all the
+@@ -181,67 +198,183 @@ file. If interfaces are specified in t
+ only configure interfaces that are either specified in the
+ configuration file or on the command line, and will ignore all other
+ interfaces.
+-.PP
+-If the DHCP client should listen and transmit on a port other than the
+-standard (port 68), the
+-.B -p
+-flag may used. It should be followed by the udp port number that
+-dhclient should use. This is mostly useful for debugging purposes.
+-If a different port is specified for the client to listen on and
+-transmit on, the client will also use a different destination port -
+-one greater than the specified destination port.
+-.PP
+-The DHCP client normally transmits any protocol messages it sends
+-before acquiring an IP address to, 255.255.255.255, the IP limited
+-broadcast address. For debugging purposes, it may be useful to have
+-the server transmit these messages to some other address. This can
+-be specified with the
+-.B -s
+-flag, followed by the IP address or domain name of the destination.
+-.PP
+-For testing purposes, the giaddr field of all packets that the client
+-sends can be set using the
+-.B -g
+-flag, followed by the IP address to send. This is only useful for testing,
+-and should not be expected to work in any consistent or useful way.
+-.PP
+-The DHCP client will normally run in the foreground until it has
+-configured an interface, and then will revert to running in the
+-background. To run force dhclient to always run as a foreground
+-process, the
+-.B -d
+-flag should be specified. This is useful when running the client
+-under a debugger, or when running it out of inittab on System V
+-systems.
+-.PP
+-The dhclient daemon creates its own environment when executing the
+-dhclient-script to do the grunt work of interface configuration.
+-To define extra environment variables and their values, use the
+-.B -e
+-flag, followed by the environment variable name and value assignment,
+-just as one would assign a variable in a shell. Eg:
+-.B -e
+-.I IF_METRIC=1
+-.PP
+-The client normally prints no output during its startup sequence. It
+-can be made to emit verbose messages displaying the startup sequence events
+-until it has acquired an address by supplying the
+-.B -v
+-command line argument. In either case, the client logs messages using
+-the
+-.B syslog (3)
+-facility. A
+-.B -q
+-command line argument is provided for backwards compatibility, but since
+-dhclient is quiet by default, it has no effect.
+-.PP
+-The client normally doesn't release the current lease as it is not
+-required by the DHCP protocol. Some cable ISPs require their clients
+-to notify the server if they wish to release an assigned IP address.
++.SH OPTIONS
++.TP
++.BI \-4
++Use the DHCPv4 protocol to obtain an IPv4 address and configuration
++parameters.
++
++.TP
++.BI \-6
++Use the DHCPv6 protocol to obtain whatever IPv6 addresses are available
++along with configuration parameters. Information-request is not yet
++supported.
++
++.TP
++.BI \-p\ <port\ number>
++The UDP port number the DHCP client should listen and transmit on. If
++unspecified,
++.B dhclient
++uses the default port 68. This option is mostly useful for debugging
++purposes. If a different port is specified for the client to listen and
++transmit on, the client will also use a different destination port - one
++greater than the specified destination port.
++
++.TP
++.BI \-d
++Force
++.B dhclient
++to run as a foreground process. This is useful when running the client
++under a debugger, or when running it out of inittab on System V systems.
++
++.TP
++.BI \-e\ VAR=value
++Define additional environment variables for the environment where
++dhclient-script executes. You may specify multiple
++.B \-e
++options on the command line.
++
++.TP
++.BI \-q
++Suppress all terminal and log output except error messages.
++
++.TP
++.BI \-1
++Try one to get a lease. On failure, exit with code 2.
++
++.TP
++.BI \-r
++Tell
++.B dhclient
++to release the current lease it has from the server. This is not required
++by the DHCP protocol, but some ISPs require their clients to notify the
++server if they wish to release an assigned IP address.
++
++.TP
++.BI \-lf\ <lease-file>
++Path to the lease database file. If unspecified, the default
++.B DBDIR/dhclient.leases
++is used.
++
++.TP
++.BI \-pf\ <pid-file>
++Path to the process ID file. If unspecified, the default
++.B RUNDIR/dhclient.pid
++is used.
++
++.TP
++.BI \-cf\ <config-file>
++Path to the client configuration file. If unspecified, the default
++.B ETCDIR/dhclient.conf
++is used.
++
++.TP
++.BI \-sf\ <script-file>
++Path to the network configuration script invoked by
++.B dhclient
++when it gets a lease. If unspecified, the default
++.B CLIENTBINDIR/dhclient-script
++is used.
++
++.TP
++.BI \-s\ <server>
++Specifiy the server IP address or fully qualified domain name to transmit
++DHCP protocol messages to. Normally,
++.B dhclient
++transmits these messages to 255.255.255.255 (the IP limited broadcast
++address). Overriding this is mostly useful for debugging purposes.
++
++.TP
++.BI \-g\ <relay>
++Only for debugging. Set the giaddr field of all packets the client
++sends to the IP address specified. This should not be expected to work
++in any consistent or useful way.
++
++.TP
++.BI \-n
++Do not configure any interfaces. Most useful combined with the
++.B -w
++option.
++
++.TP
++.BI \-nw
++Become a daemon process immediately (nowait) rather than waiting until an IP
++address has been acquired.
++
++.TP
++.BI \-w
++Keep running even if no network interfaces are found. The
++.B omshell
++program can be used to notify the client when a network interface has been
++added or removed so it can attempt to configure an IP address on that
++interface.
++
++.TP
++.BI \-B
++Set the BOOTP broadcast flag in request packets so servers will always
++broadcast replies.
++
++.TP
++.BI \-I\ <dhcp-client-identifier>
++Specify the dhcp-client-identifier option to send to the DHCP server.
++
++.TP
++.BI \-H\ <host-name>
++Specify the host-name option to send to the DHCP server. The host-name
++string only contains the client's hostname prefix, to which the server will
++append the ddns-domainname or domain-name options, if any, to derive the
++fully qualified domain name of the client. The
++.B -H
++option cannot be used with the
++.B -F
++option.
++
++.TP
++.BI \-F\ <fqdn.fqdn>
++Specify the fqdn.fqdn option to send to the DHCP server. This option cannot
++be used with the
++.B -H
++option. The fqdn.fqdn option must specify the complete domain name of the
++client host, which the server may use for dynamic DNS updates.
++
++.TP
++.BI \-V\ <vendor-class-identifier>
++Specify the vendor-class-identifier option to send to the DHCP server.
++
++.TP
++.BI \-R\ <option>[,<option>...]
++Specify the list of options the client is to request from the server. The
++option list must be a single string consisting of option names separated
++by at least one command and optional space characters. The default option
++list is:
++
++.BR
++ subnet-mask, broadcast-address, time-offset, routers,
++.BR
++ domain-name, domain-name-servers, host-name, nis-domain,
++.BR
++ nis-servers, ntp-servers
++
+ The
+-.B -r
+-flag explicitly releases the current lease, and once the lease has been
+-released, the client exits.
++.B -R
++option does not append options to the default request, it overrides the
++default request list. Keep this in mind if you want to request an
++additional option besides the default request list. You will have to
++specify all option names for the
++.B -R
++parameter.
++
++.TP
++.BI \-T\ <timeout>
++Specify the time after which
++.B dhclient
++will decide that no DHCP servers can be contacted when no responses have been
++received.
++
++.TP
++.BI \-v
++Enable verbose log messages.
++
+ .PP
+ If the client is killed by a signal (for example at shutdown or reboot)
+ it won't execute the
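Review bot: Three of the new OPTIONS entries carry wording errors that change the meaning: under -1, "Try one to get a lease" should read "Try once"; under -R, "separated by at least one command" should read "comma"; under -s, "Specifiy" is misspelled. The -p entry says the client uses a port "one greater than the specified destination port", but -p sets the port the client listens on, so name that port instead of a "destination port". The -q entry now documents suppression of output, where the removed text said -q has no effect, and the removed sentence saying the client exits after -r releases the lease has no replacement; confirm both against the code and keep the text in step with it.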
+@@ -253,57 +386,7 @@ or
+ it will execute
+ .B dhclient-script (8)
+ at shutdown with the specific reason for calling the script set.
+-.PP
+-The
+-.B -1
+-flag will cause dhclient to try once to get a lease. If it fails, dhclient
+-exits with exit code two.
+-.PP
+-The DHCP client normally gets its configuration information from
+-.B ETCDIR/dhclient.conf,
+-its lease database from
+-.B DBDIR/dhclient.leases,
+-stores its process ID in a file called
+-.B RUNDIR/dhclient.pid,
+-and configures the network interface using
+-.B CLIENTBINDIR/dhclient-script
+-To specify different names and/or locations for these files, use the
+-.B -cf,
+-.B -lf,
+-.B -pf
+-and
+-.B -sf
+-flags, respectively, followed by the name of the file. This can be
+-particularly useful if, for example,
+-.B DBDIR
+-or
+-.B RUNDIR
+-has not yet been mounted when the DHCP client is started.
+-.PP
+-The DHCP client normally exits if it isn't able to identify any
+-network interfaces to configure. On laptop computers and other
+-computers with hot-swappable I/O buses, it is possible that a
+-broadcast interface may be added after system startup. The
+-.B -w
+-flag can be used to cause the client not to exit when it doesn't find
+-any such interfaces. The
+-.B omshell (1)
+-program can then be used to notify the client when a network interface
+-has been added or removed, so that the client can attempt to configure an IP
+-address on that interface.
+-.PP
+-The DHCP client can be directed not to attempt to configure any interfaces
+-using the
+-.B -n
+-flag. This is most likely to be useful in combination with the
+-.B -w
+-flag.
+-.PP
+-The client can also be instructed to become a daemon immediately, rather
+-than waiting until it has acquired an IP address. This can be done by
+-supplying the
+-.B -nw
+-flag.
++
+ .SH CONFIGURATION
+ The syntax of the dhclient.conf(5) file is discussed separately.
+ .SH OMAPI
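Review bot: The paragraph removed here for -cf, -lf, -pf and -sf was the only place that said when overriding those paths matters (DBDIR or RUNDIR not yet mounted when the client starts), and that rationale is dropped along with it. Carry the sentence over to the new -lf and -pf entries, and keep the section number in the omshell (1) reference, which the removed -w paragraph had.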
--- /dev/null
+diff -up dhcp-3.0.6/minires/ns_name.c.memory dhcp-3.0.6/minires/ns_name.c
+--- dhcp-3.0.6/minires/ns_name.c.memory 2004-06-10 13:59:40.000000000 -0400
++++ dhcp-3.0.6/minires/ns_name.c 2007-07-10 11:43:29.000000000 -0400
+@@ -71,6 +71,11 @@ ns_name_ntop(const u_char *src, char *ds
+ dn = dst;
+ eom = dst + dstsiz;
+
++ if (dn >= eom) {
++ errno = EMSGSIZE;
++ return (-1);
++ }
++
+ while ((n = *cp++) != 0) {
+ if ((n & NS_CMPRSFLGS) != 0) {
+ /* Some kind of compression pointer. */
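Review bot: The new dn >= eom test ahead of the loop has no comment saying which case it covers. With dn = dst and eom = dst + dstsiz it fires when dstsiz is zero, so a one-line comment such as "reject a zero-length destination buffer" would make the intent clear to the next reader, and the hunk should also be checked for an errno.h include since it now assigns errno here.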
+diff -up dhcp-3.0.6/common/packet.c.memory dhcp-3.0.6/common/packet.c
+--- dhcp-3.0.6/common/packet.c.memory 2007-05-01 16:42:55.000000000 -0400
++++ dhcp-3.0.6/common/packet.c 2007-07-10 11:43:29.000000000 -0400
+@@ -140,6 +140,7 @@ void assemble_udp_ip_header (interface,
+ struct ip ip;
+ struct udphdr udp;
+
++ memset( &ip, '\0', sizeof ip);
+ /* Fill out the IP header */
+ IP_V_SET (&ip, 4);
+ IP_HL_SET (&ip, 20);
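Review bot: Only ip is zeroed, while struct udphdr udp, declared on the line above, is left uninitialized. If the aim is that no stale stack bytes end up in the assembled header, either zero udp as well or add a comment stating that every field of it is assigned before use. Style: write the call as memset (&ip, 0, sizeof ip); to match the call spacing of the surrounding lines.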
+diff -up dhcp-3.0.6/common/lpf.c.memory dhcp-3.0.6/common/lpf.c
+--- dhcp-3.0.6/common/lpf.c.memory 2007-07-10 11:43:29.000000000 -0400
++++ dhcp-3.0.6/common/lpf.c 2007-07-10 11:43:29.000000000 -0400
+@@ -246,6 +246,7 @@ static void lpf_tr_filter_setup (info)
+ struct interface_info *info;
+ {
+ struct sock_fprog p;
++ memset(&p,'\0', sizeof(struct sock_fprog));
+
+ /* Set up the bpf filter program structure. This is defined in
+ bpf.c */
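Review bot: The memset sits directly under the declaration of p, before the blank line that separates declarations from statements in this function; move it below that blank line. Using sizeof p instead of sizeof(struct sock_fprog) keeps the call correct if the type of p ever changes.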
--- /dev/null
+--- dhcp-3.0.5/server/bootp.c.unicast 2005-05-18 15:54:17.000000000 -0400
++++ dhcp-3.0.5/server/bootp.c 2007-03-30 16:16:00.000000000 -0400
+@@ -62,6 +62,7 @@
+ char msgbuf [1024];
+ int ignorep;
+ int peer_has_leases = 0;
++ int norelay = 0;
+
+ if (packet -> raw -> op != BOOTREQUEST)
+ return;
+@@ -77,7 +78,7 @@
+ ? inet_ntoa (packet -> raw -> giaddr)
+ : packet -> interface -> name);
+
+- if (!locate_network (packet)) {
++ if ((norelay = locate_network (packet)) == 0) {
+ log_info ("%s: network unknown", msgbuf);
+ return;
+ }
+@@ -357,6 +358,13 @@
+ from, &to, &hto);
+ goto out;
+ }
++ } else if (norelay == 2) {
++ to.sin_addr = raw.ciaddr;
++ to.sin_port = remote_port;
++ if (fallback_interface) {
++ result = send_packet (fallback_interface, (struct packet *)0, &raw, outgoing.packet_length, from, &to, &hto);
++ goto out;
++ }
+
+ /* If it comes from a client that already knows its address
+ and is not requesting a broadcast response, and we can
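Review bot: The norelay == 2 test relies on a bare magic number whose meaning is set in locate_network() in server/dhcp.c, and the variable name hides that it now holds that function's return value. Introduce a named constant shared by both files and add a comment on this branch saying that the reply is unicast to raw.ciaddr and why that address can be trusted at this point. The send_packet call should also be wrapped across lines like the rest of the file instead of one long line.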
+--- dhcp-3.0.5/server/dhcp.c.unicast 2007-03-30 16:13:36.000000000 -0400
++++ dhcp-3.0.5/server/dhcp.c 2007-03-30 16:19:35.000000000 -0400
+@@ -3817,6 +3817,7 @@
+ struct data_string data;
+ struct subnet *subnet = (struct subnet *)0;
+ struct option_cache *oc;
++ int norelay = 0;
+
+ /* See if there's a subnet selection option. */
+ oc = lookup_option (&dhcp_universe, packet -> options,
+@@ -3826,12 +3827,24 @@
+ from the interface, if there is one. If not, fail. */
+ if (!oc && !packet -> raw -> giaddr.s_addr) {
+ if (packet -> interface -> shared_network) {
+- shared_network_reference
+- (&packet -> shared_network,
+- packet -> interface -> shared_network, MDL);
+- return 1;
++ struct in_addr any_addr;
++ any_addr.s_addr = INADDR_ANY;
++
++ if (!packet -> packet_type && memcmp(&packet -> raw -> ciaddr, &any_addr, 4)) {
++ struct iaddr cip;
++ memcpy(cip.iabuf, &packet -> raw -> ciaddr, 4);
++ cip.len = 4;
++ if (!find_grouped_subnet(&subnet, packet->interface->shared_network, cip, MDL))
++ norelay = 2;
++ }
++
++ if (!norelay) {
++ shared_network_reference(&packet -> shared_network, packet -> interface -> shared_network, MDL);
++ return 1;
++ }
++ } else {
++ return 0;
+ }
+- return 0;
+ }
+
+ /* If there's an SSO, and it's valid, use it to figure out the
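Review bot: When find_grouped_subnet() succeeds, norelay stays 0 and the function returns 1 through the !norelay branch without releasing subnet. If find_grouped_subnet() stores a reference in subnet on success, as the subnet_dereference (&subnet, MDL) call later in this function suggests, that path leaks a reference on every such BOOTP request; dereference subnet before the return 1. The ciaddr test can also drop the any_addr temporary and the hard-coded 4 by comparing packet -> raw -> ciaddr.s_addr against INADDR_ANY, the same way giaddr.s_addr is tested two lines above.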
+@@ -3853,7 +3866,10 @@
+ data_string_forget (&data, MDL);
+ } else {
+ ia.len = 4;
+- memcpy (ia.iabuf, &packet -> raw -> giaddr, 4);
++ if (norelay)
++ memcpy (ia.iabuf, &packet->raw->ciaddr, 4);
++ else
++ memcpy (ia.iabuf, &packet->raw->giaddr, 4);
+ }
+
+ /* If we know the subnet on which the IP address lives, use it. */
+@@ -3861,7 +3877,10 @@
+ shared_network_reference (&packet -> shared_network,
+ subnet -> shared_network, MDL);
+ subnet_dereference (&subnet, MDL);
+- return 1;
++ if (norelay)
++ return norelay;
++ else
++ return 1;
+ }
+
+ /* Otherwise, fail. */
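Review bot: locate_network() now returns 2 in addition to 0 and 1, and nothing in the function documents the new value or what callers must do with it. Add the meaning of each return value to the function's header comment, ideally with the named constant used in bootp.c, and collapse the if/else into return norelay ? norelay : 1;.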
--- /dev/null
+diff -up dhcp-4.0.0/common/nit.c.xen dhcp-4.0.0/common/nit.c
+--- dhcp-4.0.0/common/nit.c.xen 2007-09-05 07:32:10.000000000 -1000
++++ dhcp-4.0.0/common/nit.c 2007-12-29 06:39:16.000000000 -1000
+@@ -366,7 +366,7 @@ ssize_t receive_packet (interface, buf,
+
+ /* Decode the IP and UDP headers... */
+ offset = decode_udp_ip_header (interface, ibuf, bufix,
+- from, length, &paylen);
++ from, length, &paylen, 0);
+
+ /* If the IP or UDP checksum was bad, skip the packet... */
+ if (offset < 0)
+diff -up dhcp-4.0.0/common/dlpi.c.xen dhcp-4.0.0/common/dlpi.c
+--- dhcp-4.0.0/common/dlpi.c.xen 2007-10-08 04:27:53.000000000 -1000
++++ dhcp-4.0.0/common/dlpi.c 2007-12-29 06:39:13.000000000 -1000
+@@ -689,7 +689,7 @@ ssize_t receive_packet (interface, buf,
+ length -= offset;
+ #endif
+ offset = decode_udp_ip_header (interface, dbuf, bufix,
+- from, length, &paylen);
++ from, length, &paylen, 0);
+
+ /* If the IP or UDP checksum was bad, skip the packet... */
+ if (offset < 0) {
+diff -up dhcp-4.0.0/common/upf.c.xen dhcp-4.0.0/common/upf.c
+--- dhcp-4.0.0/common/upf.c.xen 2007-07-12 20:43:42.000000000 -1000
++++ dhcp-4.0.0/common/upf.c 2007-12-29 06:39:24.000000000 -1000
+@@ -317,7 +317,7 @@ ssize_t receive_packet (interface, buf,
+
+ /* Decode the IP and UDP headers... */
+ offset = decode_udp_ip_header (interface, ibuf, bufix,
+- from, length, &paylen);
++ from, length, &paylen, 0);
+
+ /* If the IP or UDP checksum was bad, skip the packet... */
+ if (offset < 0)
+diff -up dhcp-4.0.0/common/lpf.c.xen dhcp-4.0.0/common/lpf.c
+--- dhcp-4.0.0/common/lpf.c.xen 2007-12-29 06:37:53.000000000 -1000
++++ dhcp-4.0.0/common/lpf.c 2007-12-29 06:43:08.000000000 -1000
+@@ -29,18 +29,33 @@
+ #include "dhcpd.h"
+ #if defined (USE_LPF_SEND) || defined (USE_LPF_RECEIVE)
+ #include <sys/ioctl.h>
++#include <sys/socket.h>
+ #include <sys/uio.h>
+ #include <errno.h>
+
+ #include <asm/types.h>
+ #include <linux/filter.h>
+ #include <linux/if_ether.h>
++#include <linux/if_packet.h>
+ #include <netinet/in_systm.h>
+ #include "includes/netinet/ip.h"
+ #include "includes/netinet/udp.h"
+ #include "includes/netinet/if_ether.h"
+ #include <net/if.h>
+
++#ifndef PACKET_AUXDATA
++#define PACKET_AUXDATA 8
++
++struct tpacket_auxdata
++{
++ __u32 tp_status;
++ __u32 tp_len;
++ __u32 tp_snaplen;
++ __u16 tp_mac;
++ __u16 tp_net;
++};
++#endif
++
+ /* Reinitializes the specified interface after an address change. This
+ is not required for packet-filter APIs. */
+
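Review bot: The #ifndef PACKET_AUXDATA fallback supplies the option number and struct tpacket_auxdata but not TP_STATUS_CSUMNOTREADY, which receive_packet() uses later in this patch. Kernel headers old enough to need the fallback are likely to lack that symbol too, so the build would still fail there; add a guarded define for it inside the same block.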
+@@ -66,10 +81,14 @@ int if_register_lpf (info)
+ struct interface_info *info;
+ {
+ int sock;
+- struct sockaddr sa;
++ union {
++ struct sockaddr_ll ll;
++ struct sockaddr common;
++ } sa;
++ struct ifreq ifr;
+
+ /* Make an LPF socket. */
+- if ((sock = socket(PF_PACKET, SOCK_PACKET,
++ if ((sock = socket(PF_PACKET, SOCK_RAW,
+ htons((short)ETH_P_ALL))) < 0) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+@@ -84,11 +103,16 @@ int if_register_lpf (info)
+ log_fatal ("Open a socket for LPF: %m");
+ }
+
++ memset (&ifr, 0, sizeof ifr);
++ strncpy (ifr.ifr_name, (const char *)info -> ifp, sizeof ifr.ifr_name);
++ if (ioctl (sock, SIOCGIFINDEX, &ifr))
++ log_fatal ("Failed to get interface index: %m");
++
+ /* Bind to the interface name */
+ memset (&sa, 0, sizeof sa);
+- sa.sa_family = AF_PACKET;
+- strncpy (sa.sa_data, (const char *)info -> ifp, sizeof sa.sa_data);
+- if (bind (sock, &sa, sizeof sa)) {
++ sa.ll.sll_family = AF_PACKET;
++ sa.ll.sll_ifindex = ifr.ifr_ifindex;
++ if (bind (sock, &sa.common, sizeof sa)) {
+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
+ errno == EAFNOSUPPORT || errno == EINVAL) {
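Review bot: strncpy (ifr.ifr_name, ..., sizeof ifr.ifr_name) copies up to the full size of the field, so an interface name of that length or longer leaves ifr_name without a terminating NUL despite the memset above it. Copy at most sizeof ifr.ifr_name - 1 bytes, or reject over-long names with log_fatal before the ioctl. The "Bind to the interface name" comment is also stale now that the bind uses sll_ifindex.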
+@@ -170,9 +194,18 @@ static void lpf_gen_filter_setup (struct
+ void if_register_receive (info)
+ struct interface_info *info;
+ {
++ int val;
++
+ /* Open a LPF device and hang it on this interface... */
+ info -> rfdesc = if_register_lpf (info);
+
++ val = 1;
++ if (setsockopt (info -> rfdesc, SOL_PACKET, PACKET_AUXDATA, &val,
++ sizeof val) < 0) {
++ if (errno != ENOPROTOOPT)
++ log_fatal ("Failed to set auxiliary packet data: %m");
++ }
++
+ #if defined (HAVE_TR_SUPPORT)
+ if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
+ lpf_tr_filter_setup (info);
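Review bot: The ENOPROTOOPT case of the setsockopt call is ignored without a comment or a log line. State in a comment that a kernel without PACKET_AUXDATA simply leaves nocsum at 0 so checksums are still verified, and consider a debug-level message so the fallback is visible when diagnosing dropped packets.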
+@@ -291,7 +324,6 @@ ssize_t send_packet (interface, packet,
+ double hh [16];
+ double ih [1536 / sizeof (double)];
+ unsigned char *buf = (unsigned char *)ih;
+- struct sockaddr sa;
+ int result;
+ int fudge;
+
+@@ -309,15 +341,7 @@ ssize_t send_packet (interface, packet,
+ (unsigned char *)raw, len);
+ memcpy (buf + ibufp, raw, len);
+
+- /* For some reason, SOCK_PACKET sockets can't be connected,
+- so we have to do a sentdo every time. */
+- memset (&sa, 0, sizeof sa);
+- sa.sa_family = AF_PACKET;
+- strncpy (sa.sa_data,
+- (const char *)interface -> ifp, sizeof sa.sa_data);
+-
+- result = sendto (interface -> wfdesc,
+- buf + fudge, ibufp + len - fudge, 0, &sa, sizeof sa);
++ result = write (interface -> wfdesc, buf + fudge, ibufp + len - fudge);
+ if (result < 0)
+ log_error ("send_packet: %m");
+ return result;
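Review bot: Replacing sendto with write depends on the socket having been bound to the interface in if_register_lpf(), but the removed comment is not replaced by one saying so. Add a short comment recording that dependency, since a later change to the bind would otherwise break sending with no hint at this call site.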
+@@ -334,14 +358,35 @@ ssize_t receive_packet (interface, buf,
+ {
+ int length = 0;
+ int offset = 0;
++ int nocsum = 0;
+ unsigned char ibuf [1536];
+ unsigned bufix = 0;
+ unsigned paylen;
++ unsigned char cmsgbuf[CMSG_LEN(sizeof(struct tpacket_auxdata))];
++ struct iovec iov = {
++ .iov_base = ibuf,
++ .iov_len = sizeof ibuf,
++ };
++ struct msghdr msg = {
++ .msg_iov = &iov,
++ .msg_iovlen = 1,
++ .msg_control = cmsgbuf,
++ .msg_controllen = sizeof(cmsgbuf),
++ };
++ struct cmsghdr *cmsg;
+
+- length = read (interface -> rfdesc, ibuf, sizeof ibuf);
++ length = recvmsg (interface -> rfdesc, &msg, 0);
+ if (length <= 0)
+ return length;
+
++ for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg)) {
++ if (cmsg->cmsg_level == SOL_PACKET &&
++ cmsg->cmsg_type == PACKET_AUXDATA) {
++ struct tpacket_auxdata *aux = (void *)CMSG_DATA(cmsg);
++ nocsum = aux->tp_status & TP_STATUS_CSUMNOTREADY;
++ }
++ }
++
+ bufix = 0;
+ /* Decode the physical header... */
+ offset = decode_hw_header (interface, ibuf, bufix, hfrom);
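Review bot: cmsgbuf is sized with CMSG_LEN, which gives the length of one control message without trailing padding; buffers passed as msg_control are conventionally sized with CMSG_SPACE, and an unsigned char array carries no alignment guarantee for the struct cmsghdr that CMSG_FIRSTHDR reads from it. Declare it through a union with struct cmsghdr, or with CMSG_SPACE and suitable alignment. msg.msg_flags is also never checked after recvmsg, so a truncated frame or truncated control data (MSG_TRUNC, MSG_CTRUNC) is processed as if complete; since nocsum switches off checksum verification, it is worth rejecting or logging those cases.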
+@@ -358,7 +403,7 @@ ssize_t receive_packet (interface, buf,
+
+ /* Decode the IP and UDP headers... */
+ offset = decode_udp_ip_header (interface, ibuf, bufix, from,
+- (unsigned)length, &paylen);
++ (unsigned)length, &paylen, nocsum);
+
+ /* If the IP or UDP checksum was bad, skip the packet... */
+ if (offset < 0)
+diff -up dhcp-4.0.0/common/bpf.c.xen dhcp-4.0.0/common/bpf.c
+--- dhcp-4.0.0/common/bpf.c.xen 2007-08-22 23:49:51.000000000 -1000
++++ dhcp-4.0.0/common/bpf.c 2007-12-29 06:39:09.000000000 -1000
+@@ -482,7 +482,7 @@ ssize_t receive_packet (interface, buf,
+ offset = decode_udp_ip_header (interface,
+ interface -> rbuf,
+ interface -> rbuf_offset,
+- from, hdr.bh_caplen, &paylen);
++ from, hdr.bh_caplen, &paylen, 0);
+
+ /* If the IP or UDP checksum was bad, skip the packet... */
+ if (offset < 0) {
+diff -up dhcp-4.0.0/common/packet.c.xen dhcp-4.0.0/common/packet.c
+--- dhcp-4.0.0/common/packet.c.xen 2007-12-29 06:37:53.000000000 -1000
++++ dhcp-4.0.0/common/packet.c 2007-12-29 06:39:20.000000000 -1000
+@@ -210,7 +210,7 @@ ssize_t
+ decode_udp_ip_header(struct interface_info *interface,
+ unsigned char *buf, unsigned bufix,
+ struct sockaddr_in *from, unsigned buflen,
+- unsigned *rbuflen)
++ unsigned *rbuflen, int nocsum)
+ {
+ unsigned char *data;
+ struct ip ip;
+@@ -321,7 +321,7 @@ decode_udp_ip_header(struct interface_in
+ 8, IPPROTO_UDP + ulen))));
+
+ udp_packets_seen++;
+- if (usum && usum != sum) {
++ if (!nocsum && usum && usum != sum) {
+ udp_packets_bad_checksum++;
+ if (udp_packets_seen > 4 &&
+ (udp_packets_seen / udp_packets_bad_checksum) < 2) {
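Review bot: The nocsum argument turns off the UDP checksum comparison for the packet, and neither the new signature nor this condition carries a comment saying when a caller may set it. Document on decode_udp_ip_header() that nocsum must come only from kernel-supplied status such as the PACKET_AUXDATA flag read in lpf.c, and that every other caller passes 0, because a non-zero value removes the only integrity check made on the payload here.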
+diff -up dhcp-4.0.0/includes/dhcpd.h.xen dhcp-4.0.0/includes/dhcpd.h
+--- dhcp-4.0.0/includes/dhcpd.h.xen 2007-12-29 06:37:53.000000000 -1000
++++ dhcp-4.0.0/includes/dhcpd.h 2007-12-29 06:39:27.000000000 -1000
+@@ -2561,7 +2561,7 @@ ssize_t decode_hw_header PROTO ((struct
+ unsigned, struct hardware *));
+ ssize_t decode_udp_ip_header PROTO ((struct interface_info *, unsigned char *,
+ unsigned, struct sockaddr_in *,
+- unsigned, unsigned *));
++ unsigned, unsigned *, int));
+
+ /* ethernet.c */
+ void assemble_ethernet_header PROTO ((struct interface_info *, unsigned char *,
--- /dev/null
+#!/usr/bin/perl -w
+
+# Brian Masney <masneyb@ntelos.net>
+# To use this script, set your base DN below. Then run
+# ./dhcpd-conf-to-ldap.pl < /path-to-dhcpd-conf/dhcpd.conf > output-file
+# The output of this script will generate entries in LDIF format. You can use
+# the slapadd command to add these entries into your LDAP server. You will
+# definately want to double check that your LDAP entries are correct before
+# you load them into LDAP.
+
+# This script does not do much error checking. Make sure before you run this
+# that the DHCP server doesn't give any errors about your config file
+
+# FailOver notes:
+# Failover is disabled by default, since it may need manually intervention.
+# You can try the '--use=failover' option to see what happens :-)
+#
+# If enabled, the failover pool references will be written to LDIF output.
+# The failover configs itself will be added to the dhcpServer statements
+# and not to the dhcpService object (since this script uses only one and
+# it may be usefull to have multiple service containers in failover mode).
+# Further, this script does not check if primary or secondary makes sense,
+# it simply converts what it gets...
+
+use Net::Domain qw(hostname hostfqdn hostdomain);
+use Getopt::Long;
+
+my $domain = hostdomain(); # your.domain
+my $basedn = "dc=".$domain;
+ $basedn =~ s/\./,dc=/g; # dc=your,dc=domain
+my $server = hostname(); # hostname (nodename)
+my $dhcpcn = 'DHCP Config'; # CN of DHCP config tree
+my $dhcpdn = "cn=$dhcpcn, $basedn"; # DHCP config tree DN
+my $second = ''; # secondary server DN / hostname
+my $i_conf = ''; # dhcp.conf file to read or stdin
+my $o_ldif = ''; # output ldif file name or stdout
+my @use = (); # extended flags (failover)
+
+sub usage($;$)
+{
+ my $rc = shift;
+ my $err= shift;
+
+ print STDERR "Error: $err\n\n" if(defined $err);
+ print STDERR <<__EOF_USAGE__;
+usage:
+ $0 [options] < dhcpd.conf > dhcpd.ldif
+
+options:
+
+ --basedn "dc=your,dc=domain" ("$basedn")
+
+ --dhcpdn "dhcp config DN" ("$dhcpdn")
+
+ --server "dhcp server name" ("$server")
+
+ --second "secondary server or DN" ("$second")
+
+ --conf "/path/to/dhcpd.conf" (default is stdin)
+ --ldif "/path/to/output.ldif" (default is stdout)
+
+ --use "extended features" (see source comments)
+__EOF_USAGE__
+ exit($rc);
+}
+
+
+sub next_token
+{
+ local ($lowercase) = @_;
+ local ($token, $newline);
+
+ do
+ {
+ if (!defined ($line) || length ($line) == 0)
+ {
+ $line = <>;
+ return undef if !defined ($line);
+ chop $line;
+ $line_number++;
+ $token_number = 0;
+ }
+
+ $line =~ s/#.*//;
+ $line =~ s/^\s+//;
+ $line =~ s/\s+$//;
+ }
+ while (length ($line) == 0);
+
+ if (($token, $newline) = $line =~ /^(.*?)\s+(.*)/)
+ {
+ if ($token =~ /^"/) {
+ #handle quoted token
+ if ($token !~ /"\s*$/)
+ {
+ ($tok, $newline) = $newline =~ /([^"]+")(.*)/;
+ $token .= " $tok";
+ }
+ }
+ $line = $newline;
+ }
+ else
+ {
+ $token = $line;
+ $line = '';
+ }
+ $token_number++;
+
+ $token =~ y/[A-Z]/[a-z]/ if $lowercase;
+
+ return ($token);
+}
+
+
+sub remaining_line
+{
+ local ($block) = shift || 0;
+ local ($tmp, $str);
+
+ $str = "";
+ while (defined($tmp = next_token (0)))
+ {
+ $str .= ' ' if !($str eq "");
+ $str .= $tmp;
+ last if $tmp =~ /;\s*$/;
+ last if($block and $tmp =~ /\s*[}{]\s*$/);
+ }
+
+ $str =~ s/;$//;
+ return ($str);
+}
+
+
+sub
+add_dn_to_stack
+{
+ local ($dn) = @_;
+
+ $current_dn = "$dn, $current_dn";
+}
+
+
+sub
+remove_dn_from_stack
+{
+ $current_dn =~ s/^.*?,\s*//;
+}
+
+
+sub
+parse_error
+{
+ print "Parse error on line number $line_number at token number $token_number\n";
+ exit (1);
+}
+
+
+sub
+print_entry
+{
+ return if (scalar keys %curentry == 0);
+
+ if (!defined ($curentry{'type'}))
+ {
+ $hostdn = "cn=$server, $basedn";
+ print "dn: $hostdn\n";
+ print "cn: $server\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpServer\n";
+ print "dhcpServiceDN: $current_dn\n";
+ if(grep(/FaIlOvEr/i, @use))
+ {
+ foreach my $fo_peer (keys %failover)
+ {
+ next if(scalar(@{$failover{$fo_peer}}) <= 1);
+ print "dhcpStatements: failover peer $fo_peer { ",
+ join('; ', @{$failover{$fo_peer}}), "; }\n";
+ }
+ }
+ print "\n";
+
+ print "dn: $current_dn\n";
+ print "cn: $dhcpcn\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpService\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+ print "dhcpPrimaryDN: $hostdn\n";
+ if(grep(/FaIlOvEr/i, @use) and ($second ne ''))
+ {
+ print "dhcpSecondaryDN: $second\n";
+ }
+ }
+ elsif ($curentry{'type'} eq 'subnet')
+ {
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'ip'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSubnet\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+
+ print "dhcpNetMask: " . $curentry{'netmask'} . "\n";
+ if (defined ($curentry{'ranges'}))
+ {
+ foreach $statement (@{$curentry{'ranges'}})
+ {
+ print "dhcpRange: $statement\n";
+ }
+ }
+ }
+ elsif ($curentry{'type'} eq 'shared-network')
+ {
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'descr'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSharedNetwork\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+ }
+ elsif ($curentry{'type'} eq 'group')
+ {
+ print "dn: $current_dn\n";
+ print "cn: group", $curentry{'idx'}, "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpGroup\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+ }
+ elsif ($curentry{'type'} eq 'host')
+ {
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'host'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpHost\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+
+ if (defined ($curentry{'hwaddress'}))
+ {
+ $curentry{'hwaddress'} =~ y/[A-Z]/[a-z]/;
+ print "dhcpHWAddress: " . $curentry{'hwaddress'} . "\n";
+ }
+ }
+ elsif ($curentry{'type'} eq 'pool')
+ {
+ print "dn: $current_dn\n";
+ print "cn: pool", $curentry{'idx'}, "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpPool\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+
+ if (defined ($curentry{'ranges'}))
+ {
+ foreach $statement (@{$curentry{'ranges'}})
+ {
+ print "dhcpRange: $statement\n";
+ }
+ }
+ }
+ elsif ($curentry{'type'} eq 'class')
+ {
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'class'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpClass\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+ }
+ elsif ($curentry{'type'} eq 'subclass')
+ {
+ print "dn: $current_dn\n";
+ print "cn: " . $curentry{'subclass'} . "\n";
+ print "objectClass: top\n";
+ print "objectClass: dhcpSubClass\n";
+ if (defined ($curentry{'options'}))
+ {
+ print "objectClass: dhcpOptions\n";
+ }
+ print "dhcpClassData: " . $curentry{'class'} . "\n";
+ }
+
+ if (defined ($curentry{'statements'}))
+ {
+ foreach $statement (@{$curentry{'statements'}})
+ {
+ print "dhcpStatements: $statement\n";
+ }
+ }
+
+ if (defined ($curentry{'options'}))
+ {
+ foreach $statement (@{$curentry{'options'}})
+ {
+ print "dhcpOption: $statement\n";
+ }
+ }
+
+ print "\n";
+ undef (%curentry);
+}
+
+
+sub parse_netmask
+{
+ local ($netmask) = @_;
+ local ($i);
+
+ if ((($a, $b, $c, $d) = $netmask =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/) != 4)
+ {
+ parse_error ();
+ }
+
+ $num = (($a & 0xff) << 24) |
+ (($b & 0xff) << 16) |
+ (($c & 0xff) << 8) |
+ ($d & 0xff);
+
+ for ($i=1; $i<=32 && $num & (1 << (32 - $i)); $i++)
+ {
+ }
+ $i--;
+
+ return ($i);
+}
+
+
+sub parse_subnet
+{
+ local ($ip, $tmp, $netmask);
+
+ print_entry () if %curentry;
+
+ $ip = next_token (0);
+ parse_error () if !defined ($ip);
+
+ $tmp = next_token (1);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq 'netmask');
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ $netmask = parse_netmask ($tmp);
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ add_dn_to_stack ("cn=$ip");
+ $curentry{'type'} = 'subnet';
+ $curentry{'ip'} = $ip;
+ $curentry{'netmask'} = $netmask;
+ $cursubnet = $ip;
+ $curcounter{$ip} = { pool => 0, group => 0 };
+}
+
+
+sub parse_shared_network
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $descr = next_token (0);
+ parse_error () if !defined ($descr);
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ add_dn_to_stack ("cn=$descr");
+ $curentry{'type'} = 'shared-network';
+ $curentry{'descr'} = $descr;
+}
+
+
+sub parse_host
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $host = next_token (0);
+ parse_error () if !defined ($host);
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ add_dn_to_stack ("cn=$host");
+ $curentry{'type'} = 'host';
+ $curentry{'host'} = $host;
+}
+
+
+sub parse_group
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ my $idx;
+ if(exists($curcounter{$cursubnet})) {
+ $idx = ++$curcounter{$cursubnet}->{'group'};
+ } else {
+ $idx = ++$curcounter{''}->{'group'};
+ }
+
+ add_dn_to_stack ("cn=group".$idx);
+ $curentry{'type'} = 'group';
+ $curentry{'idx'} = $idx;
+}
+
+
+sub parse_pool
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ my $idx;
+ if(exists($curcounter{$cursubnet})) {
+ $idx = ++$curcounter{$cursubnet}->{'pool'};
+ } else {
+ $idx = ++$curcounter{''}->{'pool'};
+ }
+
+ add_dn_to_stack ("cn=pool".$idx);
+ $curentry{'type'} = 'pool';
+ $curentry{'idx'} = $idx;
+}
+
+
+sub parse_class
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $class = next_token (0);
+ parse_error () if !defined ($class);
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ $class =~ s/\"//g;
+ add_dn_to_stack ("cn=$class");
+ $curentry{'type'} = 'class';
+ $curentry{'class'} = $class;
+}
+
+
+sub parse_subclass
+{
+ local ($descr, $tmp);
+
+ print_entry () if %curentry;
+
+ $class = next_token (0);
+ parse_error () if !defined ($class);
+
+ $subclass = next_token (0);
+ parse_error () if !defined ($subclass);
+
+ $tmp = next_token (0);
+ parse_error () if !defined ($tmp);
+ parse_error () if !($tmp eq '{');
+
+ add_dn_to_stack ("cn=$subclass");
+ $curentry{'type'} = 'subclass';
+ $curentry{'class'} = $class;
+ $curentry{'subclass'} = $subclass;
+}
+
+
+sub parse_hwaddress
+{
+ local ($type, $hw, $tmp);
+
+ $type = next_token (1);
+ parse_error () if !defined ($type);
+
+ $hw = next_token (1);
+ parse_error () if !defined ($hw);
+ $hw =~ s/;$//;
+
+ $curentry{'hwaddress'} = "$type $hw";
+}
+
+
+sub parse_range
+{
+ local ($tmp, $str);
+
+ $str = remaining_line ();
+
+ if (!($str eq ''))
+ {
+ $str =~ s/;$//;
+ push (@{$curentry{'ranges'}}, $str);
+ }
+}
+
+
+sub parse_statement
+{
+ local ($token) = shift;
+ local ($str);
+
+ if ($token eq 'option')
+ {
+ $str = remaining_line ();
+ push (@{$curentry{'options'}}, $str);
+ }
+ elsif($token eq 'failover')
+ {
+ $str = remaining_line (1); # take care on block
+ if($str =~ /[{]/)
+ {
+ my ($peername, @statements);
+
+ parse_error() if($str !~ /^\s*peer\s+(.+?)\s+[{]\s*$/);
+ parse_error() if(($peername = $1) !~ /^\"?[^\"]+\"?$/);
+
+ #
+ # failover config block found:
+ # e.g. 'failover peer "some-name" {'
+ #
+ if(not grep(/FaIlOvEr/i, @use))
+ {
+ print STDERR "Warning: Failover config 'peer $peername' found!\n";
+ print STDERR " Skipping it, since failover disabled!\n";
+ print STDERR " You may try out --use=failover option.\n";
+ }
+
+ until($str =~ /[}]/ or $str eq "")
+ {
+ $str = remaining_line (1);
+ # collect all statements, except ending '}'
+ push(@statements, $str) if($str !~ /[}]/);
+ }
+ $failover{$peername} = [@statements];
+ }
+ else
+ {
+ #
+ # pool reference to failover config is fine
+ # e.g. 'failover peer "some-name";'
+ #
+ if(not grep(/FaIlOvEr/i, @use))
+ {
+ print STDERR "Warning: Failover reference '$str' found!\n";
+ print STDERR " Skipping it, since failover disabled!\n";
+ print STDERR " You may try out --use=failover option.\n";
+ }
+ else
+ {
+ push (@{$curentry{'statements'}}, $token. " " . $str);
+ }
+ }
+ }
+ elsif($token eq 'zone')
+ {
+ $str = $token;
+ while($str !~ /}$/) {
+ $str .= ' ' . next_token (0);
+ }
+ push (@{$curentry{'statements'}}, $str);
+ }
+ elsif($token =~ /^(authoritative)[;]*$/)
+ {
+ push (@{$curentry{'statements'}}, $1);
+ }
+ else
+ {
+ $str = $token . " " . remaining_line ();
+ push (@{$curentry{'statements'}}, $str);
+ }
+}
+
+
+my $ok = GetOptions(
+ 'basedn=s' => \$basedn,
+ 'dhcpdn=s' => \$dhcpdn,
+ 'server=s' => \$server,
+ 'second=s' => \$second,
+ 'conf=s' => \$i_conf,
+ 'ldif=s' => \$o_ldif,
+ 'use=s' => \@use,
+ 'h|help|usage' => sub { usage(0); },
+);
+
+unless($server =~ /^\w+/)
+ {
+ usage(1, "invalid server name '$server'");
+ }
+unless($basedn =~ /^\w+=[^,]+/)
+ {
+ usage(1, "invalid base dn '$basedn'");
+ }
+
+if($dhcpdn =~ /^cn=([^,]+)/i)
+ {
+ $dhcpcn = "$1";
+ }
+$second = '' if not defined $second;
+unless($second eq '' or $second =~ /^cn=[^,]+\s*,\s*\w+=[^,]+/i)
+ {
+ if($second =~ /^cn=[^,]+$/i)
+ {
+ # relative DN 'cn=name'
+ $second = "$second, $basedn";
+ }
+ elsif($second =~ /^\w+/)
+ {
+ # assume hostname only
+ $second = "cn=$second, $basedn";
+ }
+ else
+ {
+ usage(1, "invalid secondary '$second'")
+ }
+ }
+
+usage(1) unless($ok);
+
+if($i_conf ne "" and -f $i_conf)
+ {
+ if(not open(STDIN, '<', $i_conf))
+ {
+ print STDERR "Error: can't open conf file '$i_conf': $!\n";
+ exit(1);
+ }
+ }
+if($o_ldif ne "")
+ {
+ if(-e $o_ldif)
+ {
+ print STDERR "Error: output ldif name '$o_ldif' already exists!\n";
+ exit(1);
+ }
+ if(not open(STDOUT, '>', $o_ldif))
+ {
+ print STDERR "Error: can't open ldif file '$o_ldif': $!\n";
+ exit(1);
+ }
+ }
+
+
+print STDERR "Creating LDAP Configuration with the following options:\n";
+print STDERR "\tBase DN: $basedn\n";
+print STDERR "\tDHCP DN: $dhcpdn\n";
+print STDERR "\tServer DN: cn=$server, $basedn\n";
+print STDERR "\tSecondary DN: $second\n"
+ if(grep(/FaIlOvEr/i, @use) and $second ne '');
+print STDERR "\n";
+
+my $token;
+my $token_number = 0;
+my $line_number = 0;
+my %curentry;
+my $cursubnet = '';
+my %curcounter = ( '' => { pool => 0, group => 0 } );
+
+$current_dn = "$dhcpdn";
+$curentry{'descr'} = $dhcpcn;
+$line = '';
+%failover = ();
+
+while (($token = next_token (1)))
+ {
+ if ($token eq '}')
+ {
+ print_entry () if %curentry;
+ if($current_dn =~ /.+?,\s*${dhcpdn}$/) {
+ # don't go below dhcpdn ...
+ remove_dn_from_stack ();
+ }
+ }
+ elsif ($token eq 'subnet')
+ {
+ parse_subnet ();
+ next;
+ }
+ elsif ($token eq 'shared-network')
+ {
+ parse_shared_network ();
+ next;
+ }
+ elsif ($token eq 'class')
+ {
+ parse_class ();
+ next;
+ }
+ elsif ($token eq 'subclass')
+ {
+ parse_subclass ();
+ next;
+ }
+ elsif ($token eq 'pool')
+ {
+ parse_pool ();
+ next;
+ }
+ elsif ($token eq 'group')
+ {
+ parse_group ();
+ next;
+ }
+ elsif ($token eq 'host')
+ {
+ parse_host ();
+ next;
+ }
+ elsif ($token eq 'hardware')
+ {
+ parse_hwaddress ();
+ next;
+ }
+ elsif ($token eq 'range')
+ {
+ parse_range ();
+ next;
+ }
+ else
+ {
+ parse_statement ($token);
+ next;
+ }
+ }
+
+close(STDIN) if($i_conf);
+close(STDOUT) if($o_ldif);
+
+print STDERR "Done.\n";
+
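Review bot: The output-file guard near the end of the script is a check-then-open race: '-e $o_ldif' is tested first and the file is then opened separately with open(STDOUT, '>', $o_ldif), so a file or symlink created at that path between the two calls is followed and truncated. Creating the file with sysopen and O_WRONLY|O_CREAT|O_EXCL (from Fcntl) makes the "must not already exist" rule atomic. Two smaller points in the same hunk: 'if($i_conf ne "" and -f $i_conf)' silently falls through to reading STDIN when --conf names a missing or non-regular file, where an explicit error would be safer; and '$current_dn =~ /.+?,\s*${dhcpdn}$/' interpolates the DN as a regular expression, so it should be wrapped in \Q...\E to match DNs that contain metacharacters literally.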
--- /dev/null
+
+
+
+
+
+Network Working Group M. Meredith,
+Internet Draft V. Nanjundaswamy,
+Document: <draft-ietf-dhc-ldap-schema-00.txt> M. Hinckley
+Category: Proposed Standard Novell Inc.
+Expires: 15th December 2001 16th June 2001
+
+
+ LDAP Schema for DHCP
+
+Status of this Memo
+
+This document is an Internet-Draft and is in full conformance with all
+provisions of Section 10 of RFC2026 [ ].
+
+Internet-Drafts are working documents of the Internet Engineering Task
+Force (IETF), its areas, and its working groups. Note that other groups
+may also distribute working documents as Internet-Drafts. Internet-
+Drafts are draft documents valid for a maximum of six months and may be
+updated, replaced, or obsolete by other documents at any time. It is
+inappropriate to use Internet-Drafts as reference material or to cite
+them other than as "work in progress." The list of current Internet-
+Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The
+list of Internet-Draft Shadow Directories can be accessed at
+http://www.ietf.org/shadow.html.
+
+1. Abstract
+
+This document defines a schema for representing DHCP configuration in an
+LDAP directory. It can be used to represent the DHCP Service
+configuration(s) for an entire enterprise network, a subset of the
+network, or even a single server. Representing DHCP configuration in an
+LDAP directory enables centralized management of DHCP services offered
+by one or more DHCP Servers within the enterprise.
+
+2. Conventions used in this document
+
+The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+document are to be interpreted as described in RFC-2119 [ ].
+
+In places where different sets of terminology are commonly used to
+represent similar DHCP concepts, this schema uses the terminology of the
+Internet Software Consortium's DHCP server reference implementation.
+For more information see www.isc.org.
+
+3. Design Considerations
+
+The DHCP LDAP schema is designed to be a simple multi-server schema. The
+
+
+
+M. Meredith et al. Expires December 2001 [Page 1]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+intent of this schema is to provide a basic framework for representing
+the most common elements used in the configuration of DHCP Server. This
+should allow other network services to obtain and use basic DHCP
+configuration information in a server-independent but knowledgeable way.
+
+It is expected that some implementations may need to extend the schema
+objects, in order to implement all of their features or needs. It is
+recommended that you use the schema defined in this draft to represent
+DHCP configuration information in an LDAP directory. Conforming to a
+standard schema improves interoperability between DHCP implementations
+from different vendors.
+
+Some implementations may choose not to support all of the objects
+defined here.
+
+Two decisions are explicitly left up to each implementation:
+
+First, implementations may choose not to store the lease information in
+the directory, so those objects would not be used.
+
+Second, implementations may choose not to implement the auditing
+information.
+
+It is up to the implementation to determine if the data in the directory
+is considered "authoritative", or if it is simply a copy of data from an
+authoritative source. Validity of the information if used as a copy is
+to be ensured by the implementation.
+
+Primarily two types of applications will use the information in this
+schema: 1. DHCP servers (for loading their configuration) 2. Management
+Interfaces (for defining/editing configurations).
+
+The schema should be efficient for the needs of both types of
+applications. The schema is designed to allow objects managed by DHCP
+(such as computers, subnets, etc) to be present anywhere in a directory
+hierarchy (to allow those objects to be placed in the directory for
+managing administrative control and access to the objects).
+
+The schema uses a few naming conventions - all object classes and
+attributes are prefixed with "dhcp" to decrease the chance that object
+classes and attributes will have the same name. The schema also uses
+standard naming attributes ("cn", "ou", etc) for all objects.
+
+4. Common DHCP Configuration Attributes
+
+Although DHCP manages several different types of objects, the
+configuration of those objects is often similar. Consequently, most of
+these objects have a common set of attributes, which are defined below.
+
+
+
+M. Meredith et al. Expires December 2001 [Page 2]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+4.1. Attributes Definitions
+
+The schema definitions listed below are for readability. The LDIF
+layout for this schema will follow in section 8.
+
+Name: dhcpPrimaryDN Description: The Distinguished Name of the
+dhcpServer object, which is the primary server for the configuration.
+Syntax: DN Flags: SINGLE-VALUE
+
+Named: dhcpSecondaryDN Description: The Distinguished Name(s) of the
+dhcpServer object(s), which are secondary servers for the configuration.
+Syntax: DN
+
+Name: dhcpStatements Description: Flexible storage for representing any
+specific data depending on the object to which it is attached. Examples
+include conditional statements, Server parameters, etc. This also
+serves as a 'catch-all' attribute that allows the standard to evolve
+without needing to update the schema. Syntax: IA5String
+
+Name: dhcpRange Description: The starting and ending IP Addresses in the
+range (inclusive), separated by a hyphen; if the range only contains one
+address, then just the address can be specified with no hyphen. Each
+range is defined as a separate value. Syntax: IA5String
+
+Name: dhcpPermitList Description: This attribute contains the permit
+lists associated with a pool. Each permit list is defined as a separate
+value. Syntax: IA5String
+
+Name: dhcpNetMask Description: The subnet mask length for the subnet.
+The mask can be easily computed from this length. Syntax: Integer
+Flags: SINGLE-VALUE
+
+Name: dhcpOption Description: Encoded option values to be sent to
+clients. Each value represents a single option and contains (OptionTag,
+Length, OptionData) encoded in the format used by DHCP. For more
+information see [DHCPOPT]. Syntax: OctetString
+
+Name: dhcpClassData Description: Encoded text string or list of bytes
+expressed in hexadecimal, separated by colons. Clients match subclasses
+based on matching the class data with the results of a 'match' or 'spawn
+with' statement in the class name declarations. Syntax: IA5String
+Flags: SINGLE-VALUE
+
+Name: dhcpSubclassesDN Description: List of subclasses, these are the
+actual DN of each subclass object. Syntax: DN
+
+Name: dhcpClassesDN Description: List of classes, these are the actual
+DN of each class object. Syntax: DN
+
+
+
+M. Meredith et al. Expires December 2001 [Page 3]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+Name: dhcpSubnetDN Description: List of subnets, these are the actual DN
+of each subnet object. Syntax: DN
+
+Name: dhcpPoolDN Description: List of pools, these are the actual DN of
+each Pool object. Syntax: DN
+
+Name: dhcpOptionsDN Description: List of options, these are the actual
+DN of each Options object. Syntax: DN
+
+Name: dhcpHostDN Description: List of hosts, these are the actual DN of
+each host object. Syntax: DN
+
+Name: dhcpSharedNetworkDN Description: List of shared networks, these
+are the actual DN of each shared network object. Syntax: DN
+
+Name: dhcpGroupDN Description: List of groups, these are the actual DN
+of each Group object. Syntax: DN
+
+Name: dhcpLeaseDN Description: Single Lease DN. A dhcpHost configuration
+uses this attribute to identify a static IP address assignment. Syntax:
+DN Flags: SINGLE-VALUE
+
+Name: dhcpLeasesDN Description: List of leases, these are the actual DN
+of each lease object. Syntax: DN
+
+Name: dhcpServiceDN Description: The DN of dhcpService object(s)which
+contain the configuration information. Each dhcpServer object has this
+attribute identifying the DHCP configuration(s) that the server is
+associated with. Syntax: DN
+
+Name: dhcpHWAddress Description: The hardware address of the client
+associated with a lease Syntax: OctetString Flags: SINGLE-VALUE
+
+Name: dhcpVersion Description: This is the version identified for the
+object that this attribute is part of. In case of the dhcpServer object,
+this represents the DHCP software version. Syntax: IA5String Flags:
+SINGLE-VALUE
+
+Name: dhcpImplementation Description: DHCP Server implementation
+description e.g. DHCP Vendor information. Syntax: IA5String Flags:
+SINGLE-VALUE
+
+Name: dhcpHashBucketAssignment Description: HashBucketAssignment bit map
+for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC
+3074]. Syntax: Octet String Flags: SINGLE-VALUE
+
+Name: dhcpDelayedServiceParameter Description: Delay in seconds
+corresponding to Delayed Service Parameter configuration, as defined in
+
+
+
+M. Meredith et al. Expires December 2001 [Page 4]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+DHC Load Balancing Algorithm [RFC 3074]. Syntax: Integer Flags: SINGLE-
+VALUE
+
+Name: dhcpMaxClientLeadTime Description: Maximum Client Lead Time
+configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]
+Syntax: Integer Flags: SINGLE-VALUE
+
+Name: dhcpFailOverEndpointState Description: Server (Failover Endpoint)
+state, as defined in DHCP Failover Protocol [FAILOVR] Syntax: IA5String
+Flags: SINGLE-VALUE
+
+5. Configurations and Services
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+The DHC working group is currently considering several proposals for
+fail-over and redundancy of DHCP servers. These may require sharing of
+configuration information between servers. This schema provides a
+generalized mechanism for supporting any of these proposals, by
+separating the definition of a server from the definition of
+configuration service provided by the server.
+
+Separating the DHCP Server (dhcpServer) and the DHCP Configuration
+(dhcpService) representations allows a configuration service to be
+provided by one or more servers. Similarly, a server may provide one or
+more configurations. The schema allows a server to be configured as
+either a primary or secondary provider of a DHCP configuration.
+
+Configurations are also defined so that one configuration can include
+some of the objects that are defined in another configuration. This
+allows for sharing and/or a hierarchy of related configuration items.
+
+Name: dhcpService Description: Service object that represents the
+actual DHCP Service configuration. This will be a container with the
+following attributes. Must: cn, dhcpPrimaryDN May: dhcpSecondaryDN,
+dhcpSharedNetworkDN, dhcpSubnetDN, dhcpGroupDN, dhcpHostDN,
+dhcpClassesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects could exist inside the dhcpService container:
+dhcpSharedNetwork, dhcpSubnet, dhcpGroup, dhcpHost, dhcpClass,
+dhcpOptions, dhcpLog
+
+Name: dhcpServer Description: Server object that the DHCP server will
+login as. The configuration information is in the dhcpService container
+that the dhcpServiceDN points to. Must: cn, dhcpServiceDN May:
+dhcpVersion, dhcpImplementation, dhcpHashBucketAssignment,
+dhcpDelayedServiceParameter, dhcpMaxClientLeadTime,
+
+
+
+M. Meredith et al. Expires December 2001 [Page 5]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+dhcpFailOverEndpointState, dhcpStatements
+
+5.1. DHCP Declaration related classes:
+
+Name: dhcpSharedNetwork Description: Shared Network class will list what
+pools and subnets are in this network.
+
+This will be a container with the following attributes. Must: cn May:
+dhcpSubnetDN, dhcpPoolDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpSharedNetwork container:
+dhcpSubnet, dhcpPool, dhcpOptions, dhcpLog
+
+Name: dhcpSubnet Description: Subnet object will include configuration
+information associated with a subnet, including a range and a net mask.
+
+This will be a container with the following attributes. Must: cn
+(Subnet address), dhcpNetMask May: dhcpRange, dhcpPoolDN, dhcpGroupDN,
+dhcpHostDN, dhcpClassesDN, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpSubnet container: dhcpPool,
+dhcpGroup, dhcpHost, dhcpClass, dhcpOptions, dhcpLease, dhcpLog
+
+Name: dhcpGroup Description: Group object will have configuration
+information associated with a group.
+
+This will be a container with the following attributes. Must: cn May:
+dhcpHostDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpGroup container: dhcpHost,
+dhcpOptions
+
+Name: dhcpHost Description: The host object includes DHCP host
+declarations to assign a static IP address or declare the client as
+known or specify statements for a specific client. Must: cn May:
+dhcpLeaseDN, dhcpHWAddress, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpHost container: dhcpLease,
+dhcpOptions
+
+Name: dhcpOptions Description: The options class is for option space
+declarations, it contains a list of options. Must: cn, dhcpOption
+
+Name: dhcpClass Description: This is a class to group clients together
+based on matching rules.
+
+This will be a container with the following attributes. Must: cn May:
+dhcpSubClassesDN, dhcpOptionsDN, dhcpStatements
+
+The following object can exist within a dhcpClass container:
+dhcpSubclass, dhcpOptions
+
+
+
+M. Meredith et al. Expires December 2001 [Page 6]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+Name: dhcpSubClass Description: This includes configuration information
+for a subclass associated with a class. The dhcpSubClass object will
+always be contained within the corresponding class container object.
+Must: cn May: dhcpClassData, dhcpOptionsDN, dhcpStatements
+
+Name: dhcpPool Description: This contains configuration for a pool that
+will have the range of addresses, permit lists and point to classes and
+leases that are members of this pool.
+
+This will be a container that could be contained by dhcpSubnet or a
+dhcpSharedNetwork. Must: cn, dhcpRange May: dhcpClassesDN,
+dhcpPermitList, dhcpLeasesDN, dhcpOptionsDN, dhcpStatements
+
+The following objects can exist within a dhcpPool container: dhcpClass,
+dhcpOptions, dhcpLease, dhcpLog
+
+6. Tracking Address Assignments
+
+The behavior of a DHCP server is influenced by two factors - it's
+configuration and the current state of the addresses that have been
+assigned to clients. This schema defines a set of objects for
+representing the DHCP configuration associated with a server. The
+following object classes provide the ability to record how addresses are
+used including maintaining history (audit log) on individual leases.
+Recording lease information in a directory could result in a significant
+performance impact and is therefore optional. Implementations supporting
+logging of leases need to consider the performance impact.
+
+6.1. dhcpLeases Attribute Definitions
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+Name: dhcpAddressState Description: This stores information about the
+current binding-status of an address. For dynamic addresses managed by
+DHCP, the values should be restricted to the states defined in the DHCP
+Failover Protocol draft [FAILOVR]: 'FREE', 'ACTIVE', 'EXPIRED',
+'RELEASED', 'RESET', 'ABANDONED', 'BACKUP'. For more information on
+these states see [FAILOVR]. For other addresses, it SHOULD be one of
+the following: 'UNKNOWN', 'RESERVED' (an address that is managed by DHCP
+that is reserved for a specific client), 'RESERVED-ACTIVE' (same as
+reserved, but address is currently in use), 'ASSIGNED' (assigned
+manually or by some other mechanism), 'UNASSIGNED', 'NOTASSIGNABLE'.
+Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpExpirationTime Description: This is the time the current lease
+for an address expires. Syntax: DateTime Flags: SINGLE-VALUE
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 7]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+Name: dhcpStartTimeOfState Description: This is the time of the last
+state change for a leased address. Syntax: DateTime Flags: SINGLE-VALUE
+
+Name: dhcpLastTransactionTime Description: This is the last time a valid
+DHCP packet was received from the client. Syntax: DateTime Flags:
+SINGLE-VALUE
+
+Name: dhcpBootpFlag Description: This indicates whether the address was
+assigned via BOOTP Syntax: Boolean Flags: SINGLE-VALUE
+
+Name: dhcpDomainName Description: This is the name of the domain sent to
+the client by the server. It is essentially the same as the value for
+DHCP option 15 sent to the client, and represents only the domain - not
+the full FQDN. To obtain the full FQDN assigned to the client you must
+prepend the "dhcpAssignedHostName" to this value with a ".". Syntax:
+IA5String Flags: SINGLE-VALUE
+
+Name: dhcpDnsStatus Description: This indicates the status of updating
+DNS resource records on behalf of the client by the DHCP server for this
+address. The value is a 16-bit bitmask that has the same values as
+specified by the Failover-DDNS option (see [FAILOVR]). Syntax: Integer
+Flags: SINGLE-VALUE
+
+Name: dhcpRequestedHostName Description: This is the hostname that was
+requested by the client. Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpAssignedHostName Description: This is the actual hostname that
+was assigned to a client. It may not be the name that was requested by
+the client. The fully qualified domain name can be determined by
+appending the value of "dhcpDomainName" (with a dot separator) to this
+name. Syntax: IA5String Flags: SINGLE-VALUE
+
+Name: dhcpReservedForClient Description: This is the distinguished name
+of the "dhcpHost" that an address is reserved for. This may not be the
+same as the "dhcpAssignedToClient" attribute if the address is being
+reassigned but the current lease has not yet expired. Syntax: DN Flags:
+SINGLE-VALUE
+
+Name: dhcpAssignedToClient Description: This is the distinguished name
+of a "dhcpHost" that an address is currently assigned to. This
+attribute is only present in the class when the address is leased.
+Syntax: DN Flags: SINGLE-VALUE
+
+Name: dhcpRelayAgentInfo Description: If the client request was received
+via a relay agent, this contains information about the relay agent that
+was available from the DHCP request. This is a hex-encoded option
+value. Syntax: OctetString Flags: SINGLE-VALUE
+
+Name: dhcpErrorLog Description: Generic error log attribute that allows
+logging error conditions within a dhcpService or a dhcpSubnet, like no IP
+addresses available for lease. Syntax: IA5String
+
+M. Meredith et al. Expires December 2001 [Page 8]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+6.2. dhcpLeases Object Class
+
+This class represents an IP address. It may or may not be leaseable,
+and the object may exist even though a lease is not currently active for
+the associated IP address.
+
+It is recommended that all Lease objects for a single DHCP Service be
+centrally located within a single container. This ensures that the lease
+objects and the corresponding logs do not have to be relocated, when
+address ranges allocated to individual DHCP subnets and/or pools change.
+
+The schema definitions below are for readability the LDIF layout for
+this schema will follow in section 8.
+
+Name: dhcpLeases Description: This is the object that holds state
+information about an IP address. The cn (which is the IP address), and
+the current address-state are mandatory attributes. If the address is
+assigned then, some of the optional attributes will have valid data.
+Must: cn, dhcpAddressState May: dhcpExpirationTime,
+dhcpStartTimeOfState, dhcpLastTransactionTime, dhcpBootpFlag,
+dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress
+
+6.3 Audit Log Information
+
+A dhcpLog object is created whenever a lease is assigned or released.
+This object is intended to be created under the corresponding dhcpLeases
+container, or dhcpPool, dhcpSubnet, dhcpSharedNetwork or dhcpService
+containers.
+
+The log information under the dhcpLeases container would be for
+addresses matching that lease information. The log information in the
+other containers could be used for errors, i.e. when a pool or subnet is
+out our addresses or if a server is not able to assign any more
+addresses for a particular dhcpService.
+
+Name: dhcpLog Description: This is the object that holds past
+information about an IP address. The cn is the time/date stamp when the
+address was assigned or released, the address state at the time, if the
+address was assigned or released. Must: cn May: dhcpAddressState,
+dhcpExpirationTime, dhcpStartTimeOfState, dhcpLastTransactionTime,
+dhcpBootpFlag, dhcpDomainName, dhcpDnsStatus, dhcpRequestedHostName,
+dhcpAssignedHostName, dhcpReservedForClient, dhcpAssignedToClient,
+dhcpRelayAgentInfo, dhcpHWAddress, dhcpErrorLog
+
+
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 9]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+7. Determining settings
+
+The dhcpStatements attribute is the key to DHC enhancements that may
+come along, and the different key words that a particular server
+implementation may use. This attribute can be used to hold conditional
+DHCP Statements and DHCP server parameters. Having a generic settings
+attribute that is just a string, allows this schema to be extensible and
+easy to configure.
+
+All of the attributes that end with DN are references to the class that
+precedes the DN e.g. the dhcpPrimaryDN and dhcpSecondaryDN attributes
+hold the Distinguished Names of the dhcpServer objects that are
+associated with the dhcpService object.
+
+8. LDIF format for attributes and classes.
+
+# Attributes
+
+( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC
+'The DN of the dhcpServer which is the primary server for the
+configuration.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DESC 'The DN of
+dhcpServer(s) which provide backup service for the configuration.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC 'Flexible
+storage for specific data depending on what object this exists in. Like
+conditional statements, server parameters, etc. This allows the standard
+to evolve without needing to adjust the schema.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The starting &
+ending IP Addresses in the range (inclusive), separated by a hyphen; if
+the range only contains one address, then just the address can be
+specified with no hyphen. Each range is defined as a separate value.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC 'This attribute
+contains the permit lists associated with a pool. Each permit list is
+defined as a separate value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'The subnet mask
+length for the subnet. The mask can be easily computed from this
+length.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'Encoded option
+values to be sent to clients. Each value represents a single option and
+contains (OptionTag, Length, OptionValue) encoded in the format used by
+DHCP.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+M. Meredith et al. Expires December 2001 [Page 10]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 'Encoded text
+string or list of bytes expressed in hexadecimal, separated by colons.
+Clients match subclasses based on matching the class data with the
+results of match or spawn with statements in the class name
+declarations.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 'The
+distinguished name(s) of the dhcpOption objects containing the
+configuration options provided by the server.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 'the distinguished
+name(s) of the dhcpHost objects.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC 'The distinguished
+name(s) of pools.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 'The
+distinguished name(s) of the groups.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC 'The
+distinguished name(s) of the subnets.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 'The
+distinguished name of a client address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC 'The
+distinguished name(s) client addresses.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DESC 'The
+distinguished name(s) of a class(es) in a subclass.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' DESC 'The
+distinguished name(s) of subclass(es).' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkDN' DESC 'The
+distinguished name(s) of sharedNetworks.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DESC 'The DN of
+dhcpService object(s)which contain the configuration information. Each
+dhcpServer object has this attribute identifying the DHCP
+
+
+
+M. Meredith et al. Expires December 2001 [Page 11]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+configuration(s) that the server is associated with.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.12 )
+
+( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 'The version
+attribute of this object.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation' DESC
+'Description of the DHCP Server implementation e.g. DHCP Server's
+vendor.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' DESC 'This stores
+information about the current binding-status of an address. For dynamic
+addresses managed by DHCP, the values should be restricted to the
+following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET",
+"ABANDONED", "BACKUP". For other addresses, it SHOULD be one of the
+following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP
+that is reserved for a specific client), "RESERVED-ACTIVE" (same as
+reserved, but address is currently in use), "ASSIGNED" (assigned
+manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime' DESC 'This is
+the time the current lease for an address expires.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfState' DESC 'This is
+the time of the last state change for a leased address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactionTime' DESC 'This
+is the last time a valid DHCP packet was received from the client.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DESC 'This indicates
+whether the address was assigned via BOOTP.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DESC 'This is the
+name of the domain sent to the client by the server. It is essentially
+the same as the value for DHCP option 15 sent to the client, and
+represents only the domain - not the full FQDN. To obtain the full FQDN
+assigned to the client you must prepend the "dhcpAssignedHostName" to
+this value with a ".".' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DESC 'This indicates
+the status of updating DNS resource records on behalf of the client by
+
+
+
+M. Meredith et al. Expires December 2001 [Page 12]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+the DHCP server for this address. The value is a 16-bit bitmask.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostName' DESC 'This
+is the hostname that was requested by the client.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostName' DESC 'This is
+the actual hostname that was assigned to a client. It may not be the
+name that was requested by the client. The fully qualified domain name
+can be determined by appending the value of "dhcpDomainName" (with a dot
+separator) to this name.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+VALUE )
+
+( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForClient' DESC 'The
+distinguished name of a "dhcpClient" that an address is reserved for.
+This may not be the same as the "dhcpAssignedToClient" attribute if the
+address is being reassigned but the current lease has not yet expired.'
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClient' DESC 'This is
+the distinguished name of a "dhcpClient" that an address is currently
+assigned to. This attribute is only present in the class when the
+address is leased.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo' DESC 'If the
+client request was received via a relay agent, this contains information
+about the relay agent that was available from the DHCP request. This is
+a hex-encoded option value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DESC 'The clients
+hardware address that requested this IP address.' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssignment' DESC
+'HashBucketAssignment bit map for the DHCP Server, as defined in DHC
+Load Balancing Algorithm [RFC 3074].' SYNTAX
+1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedServiceParameter' DESC
+'Delay in seconds corresponding to Delayed Service Parameter
+configuration, as defined in DHC Load Balancing Algorithm [RFC 3074]. '
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadTime' DESC
+'Maximum Client Lead Time configuration in seconds, as defined in DHCP
+Failover Protocol [FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+
+
+
+M. Meredith et al. Expires December 2001 [Page 13]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpointState' DESC
+'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol
+[FAILOVR]' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
+Generic error log attribute that allows logging error conditions within a
+dhcpService or a dhcpSubnet, like no IP addresses available for lease.
+SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+#Classes
+
+( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC ' Service object
+that represents the actual DHCP Service configuration. This is a
+container object.' SUP top MUST (cn $ dhcpPrimaryDN) MAY
+(dhcpSecondaryDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $
+dhcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpStatements ) )
+
+( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DESC 'This stores
+configuration information for a shared network.' SUP top MUST cn MAY
+(dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpStatements) X-
+NDS_CONTAINMENT ('dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'This class defines
+a subnet. This is a container object.' SUP top MUST ( cn $ dhcpNetMask )
+MAY (dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $
+dhcpLeasesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This stores
+configuration information about a pool.' SUP top MUST ( cn $ dhcpRange )
+MAY (dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $
+dhcpStatements) X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Group object that
+lists host DNs and parameters. This is a container object.' SUP top MUST
+cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements ) X-NDS_CONTAINMENT
+('dhcpSubnet' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This represents
+information about a particular client' SUP top MUST cn MAY (dhcpLeaseDN
+$ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Represents
+information about a collection of related clients.' SUP top MUST cn MAY
+(dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+('dhcpService' 'dhcpSubnet' ) )
+
+( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'Represents
+information about a collection of related classes.' SUP top MUST cn MAY
+(dhcpClassData $ dhcpOptionsDN $ dhcpStatements) X-NDS_CONTAINMENT
+
+
+
+M. Meredith et al. Expires December 2001 [Page 14]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Represents
+information about a collection of options defined.' SUP top MUST cn MAY
+( dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork'
+'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' )
+
+( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'This class
+represents an IP Address, which may or may not have been leased.' SUP
+top MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress ) X-NDS_CONTAINMENT ( 'dhcpService'
+'dhcpSubnet' 'dhcpPool') )
+
+( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This is the object
+that holds past information about the IP address. The cn is the
+time/date stamp when the address was assigned or released, the address
+state at the time, if the address was assigned or released.' SUP top
+MUST ( cn ) MAY ( dhcpAddressState $ dhcpExpirationTime $
+dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $
+dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $
+dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $
+dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) X-NDS_CONTAINMENT
+('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'DHCP Server
+Object' SUP top MUST (cn, dhcpServiceDN) MAY (dhcpVersion $
+dhcpImplementation $ dhcpHashBucketAssignment $
+dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $
+dhcpFailOverEndpointState $ dhcpStatements) X-NDS_CONTAINMENT ('O' 'OU'
+'dc') )
+
+9. Security Considerations
+
+Since the DHCP Configuration information is stored in a directory, the
+security of the information is limited to the security offered by the
+directory including the security of the objects within that directory.
+
+10. Intellectual Property Rights Notices
+
+The IETF takes no position regarding the validity or scope of any
+intellectual property or other rights that might be claimed to pertain
+to the implementation or use of the technology described in this
+document or the extent to which any license under such rights might or
+might not be available; neither does it represent that it has made any
+effort to identify any such rights. Information on the IETF's
+procedures with respect to rights in standards-track and standards-
+
+
+
+M. Meredith et al. Expires December 2001 [Page 15]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+related documentation can be found in BCP-11. Copies of claims of
+rights made available for publication and any assurances of licenses to
+be made available, or the result of an attempt made to obtain a general
+license or permission for the use of such proprietary rights by
+implementors or users of this specification can be obtained from the
+IETF Secretariat.
+
+The IETF invites any interested party to bring to its attention any
+copyrights, patents or patent applications, or other proprietary rights
+which may cover technology that may be required to practice this
+standard. Please address the information to the IETF Executive
+Director.
+
+11. Full Copyright Statement
+
+Copyright (C) The Internet Society (2001). All Rights Reserved.
+
+This document and translations of it may be copied and furnished to
+others, and derivative works that comment on or otherwise explain it or
+assist in its implementation may be prepared, copied, published and
+distributed, in whole or in part, without restriction of any kind,
+provided that the above copyright notice and this paragraph are included
+on all such copies and derivative works. However, this document itself
+may not be modified in any way, such as by removing the copyright notice
+or references to the Internet Society or other Internet organizations,
+except as needed for the purpose of developing Internet standards in
+which case the procedures for copyrights defined in the Internet
+Standards process must be followed, or as required to translate it into
+languages other than English.
+
+The limited permissions granted above are perpetual and will not be
+revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on an "AS
+IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
+FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT
+INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
+FITNESS FOR A PARTICULAR PURPOSE.
+
+12. References
+
+[RFC2131] Droms, R., "Dynamic Host Configuration Protocol", RFC 2131,
+March 1997.
+
+[RFC2132] Alexander, S., Droms, R., "DHCP Options and BOOTP Vendor
+Extensions", RFC 2132, March 1997.
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 16]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+[MSDHCP] Gu, Y., Vyaghrapuri, R., "An LDAP Schema for Dynamic Host
+Configuration Protocol Service", Internet Draft <draft-gu-dhcp-ldap-
+schema-00.txt>, August 1998.
+
+[NOVDHCP] Miller, T., Patel, A., Rao, P., "Lightweight Directory Access
+Protocol (v3): Schema for Dynamic Host Configuration Protocol (DHCP)",
+Internet Draft <draft-miller-dhcp-ldap-schema-00.txt>, June 1998.
+
+[FAILOVR] Droms, R., Rabil, G., Dooley, M., Kapur, A., Gonczi, S., Volz,
+B., "DHCP Failover Protocol", Internet Draft <draft-ietf-dhc-
+failover-08.txt>, July 2000.
+
+[RFC 3074] Volz B., Gonczi S., Lemon T., Stevens R., "DHC Load Balancing
+Algorithm", February 2001
+
+[AGENT] Patrick, M., "DHCP Relay Agent Information Option", Internet
+Draft <draft-ietf-dhc-agent-options-09.txt>, March 2000.
+
+[DHCPOPT] Carney, M., "New Option Review Guidelines and Additional
+Option Namespace", Internet Draft <draft-ietf-dhc-
+option_review_and_namespace-01.txt>, October 1999.
+
+[POLICY] Strassner, J., Elleson, E., Moore, B., "Policy Framework LDAP
+Core Schema", Internet Draft <draft-ietf-policy-core-schema-06.txt>,
+November 1999.
+
+[RFC2251] Wahl, M., Howes, T., Kille, S., "Lightweight Directory Access
+Protocol (v3)", RFC 2251, December 1997.
+
+[RFC2252] Wahl, M., Coulbeck, A., Howes, T., Kille, S., "Lightweight
+Directory Access Protocol (v3) Attribute Syntax Definitions", RFC 2252,
+December 1997.
+
+[RFC2255] Howes, T., Smith, M., "The LDAP URL Format", RFC 2255,
+December 1997.
+
+[RFC951] Croft, B., Gilmore, J., "Bootstrap Protocol (BOOTP)", RFC 951,
+September 1985.
+
+[RFC2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement
+Levels", RFC 2119, March 1997.
+
+13. Acknowledgments
+
+This work is partially based on a previous draft draft-ietf-dhc-
+schema-02.doc.
+
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 17]
+
+
+
+
+
+INTERNET-DRAFT LDAP Schema for DHCP 16 June 2001
+
+
+14. Author's Addresses
+
+Comments regarding this draft may be sent to the authors at the
+following address:
+
+Mark Meredith
+Mark Hinckley
+Novell Inc.
+1800 S. Novell Place
+Provo, Utah 84606
+
+Vijay K. Nanjundaswamy
+Novell Software Development (I) Ltd
+49/1 & 49/3, Garvebhavi Palya,
+7th Mile, Hosur Road
+Bangalore 560068
+
+email: mark_meredith@novell.com
+email: knvijay@novell.com
+email: mhinckley@novell.com
+
+This Internet Draft expires December 16, 2001.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+M. Meredith et al. Expires December 2001 [Page 18]
+
+
+
+
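Review bot: Three definitions in the added draft text are not well-formed compared with the rest of the schema, so anyone who copies them from this document into a schema file will carry the errors along. In 'dhcpErrorLog' (2.16.840.1.113719.1.203.4.39) the DESC text is not enclosed in single quotes. In 'dhcpServer' (2.16.840.1.113719.1.203.6.12) the required-attribute list is written as "MUST (cn, dhcpServiceDN)", with a comma where every other class uses "$". In 'dhcpOptions' (2.16.840.1.113719.1.203.6.9) the definition ends after the X-NDS_CONTAINMENT list with a single ")", so the outer parenthesis is never closed. If this file is meant to stay a verbatim copy of the Internet-Draft, leave the text alone but check that the dhcp.schema shipped under contrib has the corrected forms, and say in the README that the schema file, not this draft, is the one to load. Separately, section 9 states only that the configuration is as secure as the directory holding it; since this patch makes the DHCP server read its configuration from LDAP, the README should spell out what that means for operators: who may write to the DHCP subtree and how the server's bind credentials are protected.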